mafiaware666 | 8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c

General

Target

2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
Size

3.3MB
MD5

acd46f88a6f90143090c342c10544ccf
SHA1

bb90bed3b0d747feeac32536d75c6d153b34be0b
SHA256

8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c
SHA512

82e91a14b2a7bfb659a566df7caf7f8dc28b61a14c504dd6ca23166ff2bb142114a43c5a3c70309022d813f34fb3aa63d321d964f3b6178e42b650ac0e56e84f
SSDEEP

24576:v54IAnWrfdt2Zj1vpo4ajyKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKI:CIAWjdAp1PagjLuSh3i+FtvkMzT+

Score

10^/10

mafiaware666 ransomware

Malware Config

Signatures

Detect MafiaWare666 ransomware 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2020-54-0x0000000000A50000-0x0000000000A9A000-memory.dmp	family_mafiaware666

MafiaWare666 Ransomware
MafiaWare666 is ransomware written in C# with multiple variants.
ransomware mafiaware666

Modifies extensions of user files 4 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\PublishCheckpoint.tiff	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\UnblockWrite.png.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\BlockWatch.raw.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\PublishCheckpoint.tiff.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

Drops desktop.ini file(s) 5 IoCs

Processes:

2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

Drops file in Program Files directory 64 IoCs

Processes:

2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\promointl.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\PROOF\MSWDS_FR.LEX.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\USP10.DLL	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OSETUP.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\SETUP.XML	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.swf	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.FNT	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\EXP_XPS.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\README.HTM.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FDATE.DLL	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\IETAG.DLL	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEWDAT.DLL	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\METCONV.TXT.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.GIF	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MUOPTIN.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ADO210.CHM.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\Office64WW.XML	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\NPSWF32.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.FNT.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.WPG	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEODTXT.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\ProPlusWW.XML	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FSTOCK.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.CNT.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FDATE.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\EEINTL.DLL	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\EXP_XPS.DLL	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\IACOM2.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEODBCI.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\MSCDM.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEODBC.DLL	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\digest.s	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.CNT	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\EEINTL.DLL.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.JPG	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\msitss55.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ADO210.CHM	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

C:\Users\Admin\AppData\Local\Temp\2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
"C:\Users\Admin\AppData\Local\Temp\2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe"
1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2020

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-54-0x0000000000A50000-0x0000000000A9A000-memory.dmp

Filesize
296KB

Download
memory/2020-55-0x00000000751A1000-0x00000000751A3000-memory.dmp

Filesize
8KB

Download
memory/2020-56-0x0000000000575000-0x0000000000586000-memory.dmp

Filesize
68KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads