MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Magniber


Vendor detections: 6



SHA256 hash: f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675
SHA3-384 hash: 3b43adf4c69ee1d746b3a788802e5ca09a0b2d915dde23b87aa668839e79c623ae148316431705985e4f7f41183542d0
SHA1 hash: 12c822103678fed7b928f0202eb7e51714ab3b56
MD5 hash: 4160c35d3c600712b528e8072de1bc58
humanhash: high-asparagus-item-bakerloo
File name: 3.exe
Signature: Magniber
File size: 21'504 bytes
First seen: 2021-06-22 14:05:35 UTC
Last seen: 2021-06-22 14:42:11 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 384:LhRjUkyke1MncmmVnvFA6p3XMReCvOu410LtdjgRyCbXbO9hB7tJP9x/nDkN:LDjokncmmR7pXCvOZ02yEXEhBZeN
Threatray: 4 similar samples on MalwareBazaar
TLSH: 58A2CF25B831D68FD4D8D93C259A0C57D096B9E193664E03F29B7913D1DCB930D0B4ED
Reporter: LittleRedBean2
Tags: exe Magniber Ransomware

Intelligence


File Origin
# of uploads: 2
# of downloads: 272
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 3.exe
Verdict: No threats detected
Analysis date: 2021-06-22 14:17:17 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: ID 438426; Sample: 3.exe; Start date: 22/06/2021; Architecture: WINDOWS; Score: 48. Recoverable nodes: 3.exe (started), which started WerFault.exe; DNS/IP entries clientconfig.passport.net and 192.168.2.1 (unknown); dropped file C:\ProgramData\Microsoft\...\Report.wer; signature: Multi AV Scanner detection for submitted file.
Threat name: Win64.Ransomware.Encoder
Status: Malicious
First seen: 2021-06-18 19:17:36 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Result
Malware family: magniber
Score: 10/10
Tags: family:magniber ransomware
Behaviour
Interacts with shadow copies
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of SetThreadContext
Deletes shadow copies
Magniber Ransomware
Process spawned unexpected child process
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675
MD5 hash: 4160c35d3c600712b528e8072de1bc58
SHA1 hash: 12c822103678fed7b928f0202eb7e51714ab3b56
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Magniber

Executable exe f2ab74ce11c4462db427db65ff5755db4d5267d373172384a241017150e14675 (this sample)

Delivery method: Distributed via web download
