Magniber

  • First seen: mid 2017
  • Aliases:
  • Samples:
    • 2e6f9a48d854add9f895a3737fa5fcc9d38d082466765e550cca2dc47a10618e | windows | ransom | pe
    • ad89fb8819f98e38cddf6135004e1d93e8c8e4cba681ba16d408c4d69317eb47 | windows | ransom | js
    • 8efb4e8bc17486b816088679d8b10f8985a31bc93488c4b65116f56872c1ff16 | windows | ransom | pe

Magniber Windows Payload (First Version).

Basic Properties

| Property | Value |
|----------|-------|
| Size | 164352 bytes |
| CRC32 | 0x6f3131e6 |
| MD5 | 59ef984c16a5c1723d9958fbeb1b7450 |
| SHA1 | a7bcd0188e3fd0f16226ab44477a04662a5c5450 |
| SHA256 | 2e6f9a48d854add9f895a3737fa5fcc9d38d082466765e550cca2dc47a10618e |
| SHA512 | f41dab8e2b0fd3838343a201c3af93508114b33b44838964e517f5dc2588d9662f70f23f118b0be1c29ff964b18fe97d27131e2d4f1972a15c1e93dd575fc133 |
| Ssdeep | 3072:8T1obSJnCU2trhT/5JPbZDR/w1mqo+xWG1xEJi9C9Tv8NoI:8xou5CUch1DR/cZxWG71OTv8OI |
| Magic | PE32 executable (GUI) Intel 80386, for MS Windows |
| Packer | PE: compiler: Microsoft Visual C/C++(2008)[libcmt] |
| | PE: linker: Microsoft Linker(9.0)[EXE32] |
| TrID | 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) |
| | 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) |
| | 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) |
| | 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) |
| | 6.8% (.EXE) Win32 Executable (generic) (4505/5/1) |

Antivirus Scan

+ Avast: clean
- Avira: HEUR/AGEN.1027843
- Bitdefender: Trojan.BRMon.Gen.3
- Clamav: Win.Trojan.Emotet-6348465-0
- Comodo: Malware
- Drweb: Trojan.DownLoad3.46510
- Eset: Win32/Injector.DSPI
- Fsecure: Heuristic.HEUR/AGEN.1316667
- Kaspersky: HEUR:Trojan.Win32.Generic
+ Mcafee: clean
- Sophos: Troj/Inject-CVL
- Symantec: Trojan Horse
- Trendmicro: Ransom_MAGNIBER.A
- Windefender: Ransom:Win32/Sobnot.A

Magniber JavaScript Payload (CVE-2022-44698)

Basic Properties

| Property | Value |
|----------|-------|
| Size | 182759 bytes |
| CRC32 | 0xa843c232 |
| MD5 | e9b9ce56b0addb957e04cd2d511a4d79 |
| SHA1 | 6a10568f54ebe38f1739eff2e35e91ec21ff622b |
| SHA256 | ad89fb8819f98e38cddf6135004e1d93e8c8e4cba681ba16d408c4d69317eb47 |
| SHA512 | cabb563fedd63d2d1cbd1d94924b39f46d8c38c8f6621b793dbbc3dfdec678b003f558796c9858eee90481d74606d01fc0da21d6f2ab971a05a271b25be44658 |
| Ssdeep | 1536:9A82dWvrerYVYWXHLI0Jw1S133PICle25gfHWfY5:w25gf2fA |
| Magic | ASCII text, with very long lines, with CRLF line terminators |
| Packer | Text: format: plain text |
| TrID | Warning: file seems to be plain text/ASCII |
| | TrID is best suited to analyze binary files! |
| | Unknown! |

Antivirus Scan

+ Avast: clean
- Avira: JS/Agent.bsq
- Bitdefender: Trojan.GenericKD.62059771
+ Clamav: clean
+ Comodo: clean
+ Drweb: clean
- Eset: JS/Kryptik.CHH
- Fsecure: Malware.JS/Agent.bsq
- Kaspersky: HEUR:Trojan.Script.Alien.gen
- Mcafee: JS/Agent.fq
+ Sophos: clean
- Symantec: JS.Downloader
+ Trendmicro: clean
- Windefender: Ransom:JS/Magniber!MTB

Magniber MSI Payload (CVE-2023-24880)

Basic Properties

| Property | Value |
|----------|-------|
| Size | 16448449 bytes |
| CRC32 | 0x6fa18f35 |
| MD5 | 779a5c56da80c053e03cea35fbb363fb |
| SHA1 | 0bfa22599aaacb104ea038318e3efdb6fc84ce38 |
| SHA256 | 8efb4e8bc17486b816088679d8b10f8985a31bc93488c4b65116f56872c1ff16 |
| SHA512 | ca943596ec5ec7ac3856518ab2c7e85e9a11746b81326b8f1114a4ab282f1df074de4d66d517c00ac5bb085f71e28b71c125b7921ab441e22cf20bc28ddb7d34 |
| Ssdeep | 1536:pRi4s4EbBkh0Uu8ZnvIGhOvMGmkzCm7bgFSuBSllMlk67pYflEdrJsjA1:gbqPHFvSjujFao1RrW |
| Magic | Composite Document File V2 Document, Little Endian, Os |
| Packer | Binary: archive: Microsoft Compound(MS Office 97-2003 or MSI etc.) |
| TrID | 88.4% (.MST) Windows SDK Setup Transform script (61000/1/5) |
| | 11.5% (.) Generic OLE2 / Multistream Compound (8000/1) |

Antivirus Scan

+ Avast: clean
- Avira: TR/Agent.fabtq
- Bitdefender: Trojan.Pterodactyl.Agent.GCEB.A
+ Clamav: clean
+ Comodo: clean
+ Drweb: clean
- Eset: Win64/Kryptik.DRS
- Fsecure: Heuristic.HEUR/AGEN.1300649
+ Kaspersky: clean
+ Mcafee: clean
+ Sophos: clean
- Symantec: Trojan.Gen.2
+ Trendmicro: clean
- Windefender: Ransom:Win64/Magniber.SP!MTB

References