
Video of Blocking Latest Magniber Ransomware Using V3 (AMSI + Memory Scan)

The ASEC analysis team introduced the Magniber variants in a blog post published on September 15th. Since September 16th, the Magniber ransomware script, while still JavaScript, has changed its file extension from *.jse to *.js. When Magniber switched to JavaScript on September 8th, its operational method also changed from the previous one. The currently distributed JavaScript file contains a .NET DLL (see Figure 2) and injects the Magniber shellcode into currently running processes. The overall operation flow of the latest Magniber is shown in Figure 1.

Figure 1. Change in Magniber ransomware (*.cpl → *.jse) as of September 8th
Figure 2. .NET DLL that has Magniber shellcode included

The Magniber shellcode is embedded inside the .NET DLL, and the code in the DLL injects that shellcode into multiple currently running processes. Figure 3 shows the code routine through which the shellcode is injected into a normal running process. As a result of the routine shown in Figure 3, a normal process running on the user's system behaves as ransomware.
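The two traits described above (a JavaScript file carrying a .NET DLL, and the MD5 IOCs listed in the [IOC] section below) are enough to build a simple file-level triage check. The following Python is an added example written for this page, not code from ASEC or AhnLab: it scans a plain-text *.js file for long base64 literals, decodes each one, checks for a PE image (MZ/PE headers) and for the .NET metadata signature "BSJB" as a heuristic for a managed DLL, and compares the script's MD5 against the page's IOC hashes. The sample script and the PE-like blob inside it are constructed for the demonstration and are not a real Magniber sample; the base64-literal assumption and the "BSJB" heuristic are assumptions, not something the page states about Magniber's encoding.

```python
import base64
import hashlib
import re

# MD5 IOCs published on the page (JS file and .NET DLL), keyed to their detection names.
PAGE_IOC_MD5 = {
    "f75c520810b136867a66b1c24f610a5b": "Ransomware/JS.Magniber.S1915",
    "e59d7d6db1fcc8dfa57c244ebffc6de7": "Ransomware/Win.Magniber.R519329",
}

# Assumption: an embedded DLL shows up as one long base64 literal in the script text.
B64_LITERAL = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")


def find_embedded_pe(script: bytes) -> list:
    """Return one finding per base64 literal that decodes to a PE image."""
    findings = []
    for m in B64_LITERAL.finditer(script):
        try:
            blob = base64.b64decode(m.group(0), validate=True)
        except ValueError:  # not valid base64 (bad padding / length), skip
            continue
        if len(blob) < 0x40 or not blob.startswith(b"MZ"):
            continue
        # e_lfanew at offset 0x3C points at the "PE\0\0" signature.
        pe_off = int.from_bytes(blob[0x3C:0x40], "little")
        if blob[pe_off:pe_off + 4] != b"PE\0\0":
            continue
        # Heuristic (assumption): "BSJB" is the CLR metadata signature, so its
        # presence suggests a managed (.NET) image rather than native code.
        findings.append({
            "literal_offset": m.start(),
            "pe_size": len(blob),
            "is_dotnet": b"BSJB" in blob,
            "pe_md5": hashlib.md5(blob).hexdigest(),
        })
    return findings


def scan_script(script: bytes) -> dict:
    """Combine the IOC hash check with the embedded-PE heuristic."""
    script_md5 = hashlib.md5(script).hexdigest()
    pe_findings = find_embedded_pe(script)
    ioc_hits = [PAGE_IOC_MD5[h] for h in [script_md5] + [f["pe_md5"] for f in pe_findings]
                if h in PAGE_IOC_MD5]
    return {
        "script_md5": script_md5,
        "ioc_hits": ioc_hits,
        "embedded_pe": pe_findings,
        "suspicious": bool(ioc_hits) or any(f["is_dotnet"] for f in pe_findings),
    }


def _fake_dotnet_pe() -> bytes:
    """Constructed stand-in for a .NET DLL: DOS stub -> PE signature -> BSJB marker.
    It is not loadable and contains no code; it only exercises the header checks."""
    pe_off = 0x80
    hdr = bytearray(b"MZ" + b"\0" * (pe_off - 2))
    hdr[0x3C:0x40] = pe_off.to_bytes(4, "little")
    return bytes(hdr) + b"PE\0\0" + b"\0" * 60 + b"BSJB" + b"\0" * 100


# Constructed sample script: a benign JScript line plus the embedded blob.
SAMPLE_SCRIPT = (
    b'var payload = "' + base64.b64encode(_fake_dotnet_pe()) + b'";\n'
    b"WScript.Echo(payload.length);\n"
)

# A clean script with no embedded image, for comparison.
CLEAN_SCRIPT = b'WScript.Echo("hello");\n'


if __name__ == "__main__":
    for name, data in (("sample", SAMPLE_SCRIPT), ("clean", CLEAN_SCRIPT)):
        print(name, scan_script(data))
```

This only works on plain-text *.js files; the earlier *.jse form is Microsoft Script Encoder output and would need to be decoded before the literal search makes sense. Matching a published hash is a strong signal, while the embedded-PE heuristic is a triage aid that should feed a sandbox or memory-scan verdict rather than replace one.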

Figure 3. Injection code routine of Magniber ransomware

V3 products detect and block the latest Magniber variants using Malicious Script Detection (AMSI) and Process Memory Scan.

Figure 4. V3 Settings (AMSI & Process Memory Scan)

Currently, AhnLab responds to the Magniber ransomware not only with file detection but also with various other detection methods. Users are therefore recommended to enable the Enable Process Memory Scan and Use Malicious Script Detection (AMSI) options under [V3 Settings] – [Scan Settings].

[IOC]
[MD5 (Detection Name)] – Javascript File Detection
– f75c520810b136867a66b1c24f610a5b (Ransomware/JS.Magniber.S1915 (2022.09.15.03))

[Process Memory Scan]
– Ransomware/Win.Magniber.XM153 (2022.09.15.03)

[MD5 (Detection Name)] – AMSI Detection (.NET DLL)
– e59d7d6db1fcc8dfa57c244ebffc6de7 (Ransomware/Win.Magniber.R519329 (2022.09.15.02))

Subscribe to AhnLab's next-generation threat intelligence platform 'AhnLab TIP' to check related IOCs and detailed analysis information.

The post Video of Blocking Latest Magniber Ransomware Using V3 (AMSI + Memory Scan) appeared first on ASEC BLOG.

