mafiaware666 | 8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c

General

Target

2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
Size

3.3MB
MD5

acd46f88a6f90143090c342c10544ccf
SHA1

bb90bed3b0d747feeac32536d75c6d153b34be0b
SHA256

8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c
SHA512

82e91a14b2a7bfb659a566df7caf7f8dc28b61a14c504dd6ca23166ff2bb142114a43c5a3c70309022d813f34fb3aa63d321d964f3b6178e42b650ac0e56e84f
SSDEEP

24576:v54IAnWrfdt2Zj1vpo4ajyKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKI:CIAWjdAp1PagjLuSh3i+FtvkMzT+

Score

10^/10

mafiaware666 ransomware

Malware Config

Signatures

Detect MafiaWare666 ransomware 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4868-132-0x0000000000D90000-0x0000000000DDA000-memory.dmp	family_mafiaware666

MafiaWare666 Ransomware
MafiaWare666 is ransomware written in C# with multiple variants.
ransomware mafiaware666

Modifies extensions of user files 11 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

description	ioc	process
File created	C:\Users\Admin\Pictures\ConfirmDisconnect.png.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\GetEdit.raw.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Users\Admin\Pictures\InstallTrace.tiff	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\PopSkip.raw.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\CheckpointRepair.tif.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\GrantGroup.png.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\HideMerge.tiff.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Users\Admin\Pictures\HideMerge.tiff	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\ImportStop.crw.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\InstallTrace.tiff.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Users\Admin\Pictures\StopHide.crw.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

Drops desktop.ini file(s) 7 IoCs

Processes:

2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

Drops file in Program Files directory 64 IoCs

Processes:

2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libGLESv2.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libEGL.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_43.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\InAppSign.aapp.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\desktop.ini.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Microsoft.VCLibs.x86.14.00.appx	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt58.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\LICENSE.txt.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Microsoft.VCLibs.x86.14.00.appx.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv58.dll.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RDCNotificationClient.appx.clay	2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe

C:\Users\Admin\AppData\Local\Temp\2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
"C:\Users\Admin\AppData\Local\Temp\2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe"
1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4868-132-0x0000000000D90000-0x0000000000DDA000-memory.dmp

Filesize
296KB

Download
memory/4868-133-0x0000000005CE0000-0x0000000006284000-memory.dmp

Filesize
5.6MB

Download
memory/4868-134-0x0000000005640000-0x00000000056D2000-memory.dmp

Filesize
584KB

Download
memory/4868-135-0x0000000005930000-0x000000000593A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads