45932229c5a803f9247cfd806e4b18c387a487c039a9879f47d7ae4482629abe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-06_908143a3eb672fc34110492511f6a473_mafia
Size

6.9MB
Sample

240107-pdsncsfba5
MD5

908143a3eb672fc34110492511f6a473
SHA1

42d4dd304eeede50f40b0e7eff61b086d80d9fea
SHA256

45932229c5a803f9247cfd806e4b18c387a487c039a9879f47d7ae4482629abe
SHA512

d7078a01e236871ca2787f59f79a8a3be49e66751e3738c428ec9c5cb5d89d33e351f5adec5542b281bd86e88e32707b7226815460e47348fde2575a7975b269
SSDEEP

98304:ftJc7TDT2w5eWsms7J0gPUlZ4gQ2ijpz8EvoFUP0y23P2MN0hjBc02h:ffSDt8Ws/rgQ2ixAN0hm02h

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  2024-01-06_908143a3eb672fc34110492511f6a473_mafia
- Size
  
  6.9MB
- MD5
  
  908143a3eb672fc34110492511f6a473
- SHA1
  
  42d4dd304eeede50f40b0e7eff61b086d80d9fea
- SHA256
  
  45932229c5a803f9247cfd806e4b18c387a487c039a9879f47d7ae4482629abe
- SHA512
  
  d7078a01e236871ca2787f59f79a8a3be49e66751e3738c428ec9c5cb5d89d33e351f5adec5542b281bd86e88e32707b7226815460e47348fde2575a7975b269
- SSDEEP
  
  98304:ftJc7TDT2w5eWsms7J0gPUlZ4gQ2ijpz8EvoFUP0y23P2MN0hjBc02h:ffSDt8Ws/rgQ2ixAN0hm02h
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2