mafiaware666 | 2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter[.]exe | Triage

Sharing

General

Target

2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
Size

3.3MB
MD5

acd46f88a6f90143090c342c10544ccf
SHA1

bb90bed3b0d747feeac32536d75c6d153b34be0b
SHA256

8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c
SHA512

82e91a14b2a7bfb659a566df7caf7f8dc28b61a14c504dd6ca23166ff2bb142114a43c5a3c70309022d813f34fb3aa63d321d964f3b6178e42b650ac0e56e84f
SSDEEP

24576:v54IAnWrfdt2Zj1vpo4ajyKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKI:CIAWjdAp1PagjLuSh3i+FtvkMzT+

Score

10^/10

mafiaware666 modiloader

Malware Config

Signatures

Detect MafiaWare666 ransomware 1 IoCs

resource	yara_rule
sample	family_mafiaware666

Mafiaware666 family
mafiaware666

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Files

2023-02-14_acd46f88a6f90143090c342c10544ccf_kovter.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ