magniber | 1bce9126a12afe2c0b6582ddbf211dc45ba82f3c2b82a179f0a607a5b4e4f577 | Triage

Submit
Reports

Overview

overview

Static

static

1

2edafe324b...62.msi

windows7-x64

6

2edafe324b...62.msi

windows10-2004-x64

Sharing

General

Target

21078263477.zip
Size

76KB
Sample

250201-zcvrfa1ldm
MD5

ed22a91984792faed78fd116508f6156
SHA1

bc3a91d832cd559ad1320faa888e5f478411b953
SHA256

1bce9126a12afe2c0b6582ddbf211dc45ba82f3c2b82a179f0a607a5b4e4f577
SHA512

16c84428b5c75b9f514aa24d3d01f257760489765a08c64be8c09765422dc40ed2384493287825966d96a29f82dea351842af5358fabf17cd8e2b1b2c3cc11c2
SSDEEP

1536:PwijqT8y4WCrejYfr7EqQvR4g7lFNKow/3EdLlHwxE/cXGyFXRpFyPjs7jT:Yi+r45u6nE7vR17lFsh8zQxE/cJ1jFgm

Score

10^/10

magniber evasion persistence privilege_escalation ransomware

Static task

static1

Behavioral task

behavioral1

Sample

2edafe324bbeec87dba04c61032a04815227dcf472f98411a2cd8d377651e862.msi

Resource

win7-20240729-en

persistence privilege_escalation

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2edafe324bbeec87dba04c61032a04815227dcf472f98411a2cd8d377651e862.msi

Resource

win10v2004-20250129-en

magniber evasion persistence privilege_escalation ransomware

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  2edafe324bbeec87dba04c61032a04815227dcf472f98411a2cd8d377651e862
- Size
  
  19.9MB
- MD5
  
  91d33bd53d76d436bb7a058a5f0622ff
- SHA1
  
  ec7404efa1deb47b9ffce7a23e2b08c8156c64f4
- SHA256
  
  2edafe324bbeec87dba04c61032a04815227dcf472f98411a2cd8d377651e862
- SHA512
  
  40d9a87fc2e545f81855b6ecf9e57a5430eef2c3c0d03789a5a6d350ee2a32e82f9f53020fb54b87942915841689e4e3825330023b7c6d409365a51b50f6e74d
- SSDEEP
  
  1536:DRGRtpZg7sNN/nR9k2AzwD0a0g0z0h0VrjJD/HRFDZyaD:cbpO7sNNrkTzxf4GVxrDZya
Score

10^/10

persistence privilege_escalation magniber evasion ransomware
- Detect magniber ransomware
- Magniber Ransomware
  Ransomware family widely seen in Asia being distributed by the Magnitude exploit kit.
  ransomware magniber
- Magniber family
  magniber
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Renames multiple (88) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

Indicator Removal

File Deletion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

magniberevasionpersistenceprivilege_escalationransomware

© 2018-2025

Terms | Privacy