018d5197a5b29f7908641e8f8d6a0b06ad18446a789a80176c8324c7fdd24baf | Triage

Submit
Reports

Overview

overview

9

Static

static

1

2024-02-23...ia.exe

windows7-x64

9

2024-02-23...ia.exe

windows10-2004-x64

9

Sharing

General

Target

2024-02-23_36aeae584732ab5bd6943249263cf192_mafia
Size

514KB
Sample

240223-stphesca82
MD5

36aeae584732ab5bd6943249263cf192
SHA1

76e6d5e557ba5245a087ce56dcbadec171c742c3
SHA256

018d5197a5b29f7908641e8f8d6a0b06ad18446a789a80176c8324c7fdd24baf
SHA512

eaa95e31739af9ca4d23c9c5f34d7192ce62c7a43ffb620b9215ca54709a8ab5d3f187fb73258aef701a36e755a742c6c137a72acb13ae8db7014798e2f28d23
SSDEEP

12288:0s/dTvHDz+Yk8q0JZR026tlNkLtm3yL5uoBJWJp:0s/dTvHDzkKvN4lqpwyL5VJSp

Score

9^/10

evasion

Static task

static1

Behavioral task

behavioral1

Sample

2024-02-23_36aeae584732ab5bd6943249263cf192_mafia.exe

Resource

win7-20240221-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-02-23_36aeae584732ab5bd6943249263cf192_mafia.exe

Resource

win10v2004-20240221-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-02-23_36aeae584732ab5bd6943249263cf192_mafia
- Size
  
  514KB
- MD5
  
  36aeae584732ab5bd6943249263cf192
- SHA1
  
  76e6d5e557ba5245a087ce56dcbadec171c742c3
- SHA256
  
  018d5197a5b29f7908641e8f8d6a0b06ad18446a789a80176c8324c7fdd24baf
- SHA512
  
  eaa95e31739af9ca4d23c9c5f34d7192ce62c7a43ffb620b9215ca54709a8ab5d3f187fb73258aef701a36e755a742c6c137a72acb13ae8db7014798e2f28d23
- SSDEEP
  
  12288:0s/dTvHDz+Yk8q0JZR026tlNkLtm3yL5uoBJWJp:0s/dTvHDzkKvN4lqpwyL5VJSp
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy