9d61c314679e20b6fb1afba69a4f8eb92409ee08f3071170f3a0597f8f47f5f4 | Triage

Sharing

General

Target

f646ada163c46dbd4c59cd52e5bc1c2f_mafia_JC.exe
Size

184KB
Sample

230831-vcbw4sgc6x
MD5

f646ada163c46dbd4c59cd52e5bc1c2f
SHA1

09858f3f5ee8739a738c50f0ba37c9784b49438b
SHA256

9d61c314679e20b6fb1afba69a4f8eb92409ee08f3071170f3a0597f8f47f5f4
SHA512

d40757c84d1f99a8e2cda1c3f7543f5d85cfcab23271d8bdcd173def7b2304d5a7f6e22ab17be68cad178646f7b27f763389e239acdad71fbc8afb5fdb045dbe
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO32:/7BSH8zUB+nGESaaRvoB7FJNndnr

Score

8^/10

Malware Config

Targets

- Target
  
  f646ada163c46dbd4c59cd52e5bc1c2f_mafia_JC.exe
- Size
  
  184KB
- MD5
  
  f646ada163c46dbd4c59cd52e5bc1c2f
- SHA1
  
  09858f3f5ee8739a738c50f0ba37c9784b49438b
- SHA256
  
  9d61c314679e20b6fb1afba69a4f8eb92409ee08f3071170f3a0597f8f47f5f4
- SHA512
  
  d40757c84d1f99a8e2cda1c3f7543f5d85cfcab23271d8bdcd173def7b2304d5a7f6e22ab17be68cad178646f7b27f763389e239acdad71fbc8afb5fdb045dbe
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO32:/7BSH8zUB+nGESaaRvoB7FJNndnr
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2