General
-
Target
2024-06-30_a929042a85c0ebe291a1b2b55f948567_magniber
-
Size
2.9MB
-
Sample
240630-tb5x5azgkd
-
MD5
a929042a85c0ebe291a1b2b55f948567
-
SHA1
1211f45dc01988f0ba2f63b13e197af6e27603be
-
SHA256
e77d8392c09e6c1a42337f0079967c879bbf933358436a38791e4014f3ebfd7b
-
SHA512
1e9d36cb684d9d4b6be8efb02a30bf020d3661b6718ab3bcfbb62d9a2c0cedc9d37197443aad00a7a6db340a6cdebe268f1b5341282777ee2a2790d0f1417a2a
-
SSDEEP
49152:VpAJ4K/kZCRW6JIAYtBRVXJT8IE+eDvkX6uPh0OR8/dJ388mS5vbv+fH2rJnLs5V:gdkyIAYt3VXNeTkquPhO881Vv5LndS
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-30_a929042a85c0ebe291a1b2b55f948567_magniber.exe
Resource
win7-20240508-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-06-30_a929042a85c0ebe291a1b2b55f948567_magniber
-
Size
2.9MB
-
MD5
a929042a85c0ebe291a1b2b55f948567
-
SHA1
1211f45dc01988f0ba2f63b13e197af6e27603be
-
SHA256
e77d8392c09e6c1a42337f0079967c879bbf933358436a38791e4014f3ebfd7b
-
SHA512
1e9d36cb684d9d4b6be8efb02a30bf020d3661b6718ab3bcfbb62d9a2c0cedc9d37197443aad00a7a6db340a6cdebe268f1b5341282777ee2a2790d0f1417a2a
-
SSDEEP
49152:VpAJ4K/kZCRW6JIAYtBRVXJT8IE+eDvkX6uPh0OR8/dJ388mS5vbv+fH2rJnLs5V:gdkyIAYt3VXNeTkquPhO881Vv5LndS
-
Modifies firewall policy service
-
Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality
-
UPX dump on OEP (original entry point)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Pre-OS Boot
1Bootkit
1