General
- Target: 2024-01-28_9259195046d49cb9e327d004d93dae4b_mafia
- Size: 653KB
- Sample: 240128-fdgresdchp
- MD5: 9259195046d49cb9e327d004d93dae4b
- SHA1: ae00378ab852a733de86031d3b06d3cfeb00a073
- SHA256: 7a242730c90b89fceefd69b52f797aa2893c64d2f7be4e034e7d5f3ebf2ceba2
- SHA512: 41406a9321524b512c29ad0928be7735c7b332250a2fbac3e82740f6c919844c4a9c9c18a65bb5df4755c397768c904c3ac7a5fdea5d312d76a50bf61c54877c
- SSDEEP: 12288:Aij0isJD+m3srW+5tEZG1QRw7rZ0n9sLXxGkgXYhfu0tF:tIiG+m8rWwHfR0yXkkxVtF
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 2024-01-28_9259195046d49cb9e327d004d93dae4b_mafia.exe
  - Resource: win7-20231215-en

Behavioral task
- behavioral2
  - Sample: 2024-01-28_9259195046d49cb9e327d004d93dae4b_mafia.exe
  - Resource: win10v2004-20231215-en
Malware Config
Score: 8/10

Signatures
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Browser Extensions (1)
- Pre-OS Boot (1)
  - Bootkit (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)