mafiaware666 | 7026f3039dffe9b6274b3bc5bd29ba5399d979c77bf80e20cd1c28965b4a7c78 | Triage

Submit
Reports

Overview

overview

Static

static

FB345CA471...17.exe

windows7-x64

FB345CA471...17.exe

windows10-2004-x64

Sharing

General

Target

FB345CA471C5BA5E86F62F15FA3F7B17.exe
Size

100KB
Sample

221130-thzppaha5z
MD5

fb345ca471c5ba5e86f62f15fa3f7b17
SHA1

e2f15273e745384a9c5544d3125a2275dca57164
SHA256

7026f3039dffe9b6274b3bc5bd29ba5399d979c77bf80e20cd1c28965b4a7c78
SHA512

8125e5f2e06212c1841ad5359ed6e7e5c5329784b067e71adc78c668d7101493cf470156d41c2264d6c2baae635b179618041e589e6acb8ebd14a4d105e356ed
SSDEEP

768:5Dea8sjqvNAPLNngBTsvKBljHS/vJsUbKfO2yMMz/C1Yckin:VTjMWLvCBFyyUbKfO2yZz/Cein

Score

10^/10

mafiaware666 evasion persistence ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

FB345CA471C5BA5E86F62F15FA3F7B17.exe

Resource

win7-20220901-en

mafiaware666 ransomware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

FB345CA471C5BA5E86F62F15FA3F7B17.exe

Resource

win10v2004-20220812-en

mafiaware666 evasion persistence ransomware

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  FB345CA471C5BA5E86F62F15FA3F7B17.exe
- Size
  
  100KB
- MD5
  
  fb345ca471c5ba5e86f62f15fa3f7b17
- SHA1
  
  e2f15273e745384a9c5544d3125a2275dca57164
- SHA256
  
  7026f3039dffe9b6274b3bc5bd29ba5399d979c77bf80e20cd1c28965b4a7c78
- SHA512
  
  8125e5f2e06212c1841ad5359ed6e7e5c5329784b067e71adc78c668d7101493cf470156d41c2264d6c2baae635b179618041e589e6acb8ebd14a4d105e356ed
- SSDEEP
  
  768:5Dea8sjqvNAPLNngBTsvKBljHS/vJsUbKfO2yMMz/C1Yckin:VTjMWLvCBFyyUbKfO2yZz/Cein
Score

10^/10

mafiaware666 ransomware evasion persistence
- Detect MafiaWare666 ransomware
- MafiaWare666 Ransomware
  MafiaWare666 is ransomware written in C# with multiple variants.
  ransomware mafiaware666
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mafiaware666ransomware

behavioral2

mafiaware666evasionpersistenceransomware

© 2018-2025

Terms | Privacy