General

  • Target

    2024-03-02_df57966db5d9e63f8e2f518b0a15dc08_mafia

  • Size

    2.3MB

  • Sample

    240302-swhgwseh84

  • MD5

    df57966db5d9e63f8e2f518b0a15dc08

  • SHA1

    432f4c2e5de6014791720f57d6731d4cf3ae20a1

  • SHA256

    82f51b201233ec77c05519485d1eae90f8d8a0bebfb14c936a04f95b86d2cc8a

  • SHA512

    7b66b7ea6443cae46945c8fb840444476935530e756e39e58abd6747353f2c2b62a1dd0c1e06be00ce02c5af0c4ae499f869fed2d6b817ef4f55458a60f3498b

  • SSDEEP

    49152:/pE6gw14kZV2HXsMnmjEREseBSsxHnfXsrHYi2Yiji7/i3da1YS6ozB:hwYJYN/iyB

Malware Config

Targets

    • Target

      2024-03-02_df57966db5d9e63f8e2f518b0a15dc08_mafia

    • Size

      2.3MB

    • MD5

      df57966db5d9e63f8e2f518b0a15dc08

    • SHA1

      432f4c2e5de6014791720f57d6731d4cf3ae20a1

    • SHA256

      82f51b201233ec77c05519485d1eae90f8d8a0bebfb14c936a04f95b86d2cc8a

    • SHA512

      7b66b7ea6443cae46945c8fb840444476935530e756e39e58abd6747353f2c2b62a1dd0c1e06be00ce02c5af0c4ae499f869fed2d6b817ef4f55458a60f3498b

    • SSDEEP

      49152:/pE6gw14kZV2HXsMnmjEREseBSsxHnfXsrHYi2Yiji7/i3da1YS6ozB:hwYJYN/iyB

    • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features

    • Detects executables referencing many IR and analysis tools

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks