Magniber Ransomware’s Relaunch Technique
2023-02-23 • Ahnlab
ASEC analyzed a Magniber relaunch mechanism in MSI-distributed samples aimed at Chrome and Edge users through typosquatting. The ransomware injects payloads into user processes and randomly chooses between immediate encryption and persistence setup. For persistence, it registers a dummy .3fr file under the Run key and links it to a command that downloads fresh Magniber on reboot, enabling reinfection after the first compromise. ASEC said distribution had stopped after February 20 but could resume later.
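A detection sketch for the persistence pattern described above, added here as an example and not taken from ASEC's report: it flags Run values that point at a non-executable file whose extension has an open command registered. The snapshot layout, the per-user Classes location, and every sample name and value are assumptions constructed for illustration.

```python
import ntpath

# Extensions Windows launches directly; a Run value pointing at anything else
# is opened through its file association instead.
DIRECT_EXEC = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}

def run_target(value):
    """Return the file path a Run value launches (first token, quotes removed)."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(" ", 1)[0]

def open_command(ext, classes):
    """Resolve ext -> ProgID -> shell\\open\\command in a Classes snapshot."""
    progid = classes.get(ext, {}).get("(Default)", "")
    for key in (progid, ext):
        cmd = classes.get(key, {}).get(r"shell\open\command") if key else None
        if cmd:
            return cmd
    return None

def find_association_relaunch(run_values, classes):
    """List Run values whose target is a data file with a registered handler."""
    findings = []
    for name, value in run_values.items():
        path = run_target(value)
        ext = ntpath.splitext(path)[1].lower()
        if not ext or ext in DIRECT_EXEC:
            continue
        cmd = open_command(ext, classes)
        if cmd:
            findings.append({"run_value": name, "file": path,
                             "ext": ext, "handler": cmd})
    return findings

# Constructed sample snapshot (assumed export of a Run key and of the
# per-user Classes key); names and the handler string are placeholders.
SAMPLE_RUN = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "example_entry": r"C:\Users\Public\example.3fr",
}
SAMPLE_CLASSES = {
    ".3fr": {"(Default)": "example_handler"},
    "example_handler": {r"shell\open\command": "<handler command placeholder>"},
    ".txt": {"(Default)": "txtfile"},
}

if __name__ == "__main__":
    for hit in find_association_relaunch(SAMPLE_RUN, SAMPLE_CLASSES):
        print(hit)
```

Hits are leads for triage rather than verdicts, since legitimate software can also register handlers for data files it starts at logon.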
Indicators of Compromise