Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28-03-2024 18:21
General
-
Target
2024-03-28_412bfa5e9c419949cf28e1e6c1c5c1f1_mafia.exe
-
Size
1.2MB
-
MD5
412bfa5e9c419949cf28e1e6c1c5c1f1
-
SHA1
02076142c38bf13f233ef66e5d4913408870230a
-
SHA256
c29acbb387f8a0a8a977f51614f5933b4b9d030e5625390309913ed9a872dd48
-
SHA512
b43ec18d55024d21c41c6860e51771a4994fda82ab487ef5a003c0e63dc17c90079708928ea834a5397a4da13009a6a39afca6141ad4c1a87684805e20c0f711
-
SSDEEP
24576:uw/BO7PoTQMKwULgpcfGXj3lH6VZMfQjM0rGL7U/wNV4KYViguK0OAYK:pMToTQn5LepT8aRLI+4KYVoOAR
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_412bfa5e9c419949cf28e1e6c1c5c1f1_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_412bfa5e9c419949cf28e1e6c1c5c1f1_mafia.exe"1⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
33KB
MD5f8ab377541999696939774c021539596
SHA1d6436a9443be450975ef6f5ea00165d9f212e997
SHA256390657f1f1c0c3b1c1faae98be84de1c85b5c7b0ff433f25b12f5f0ff55646dc
SHA512ca252b13f0c1680877c4e109279f99f52d8ce393e44477c9b6597a735bb6c7728073801ff2938904513ef6e104c424d42b0dc5e7051d7ddc59200189d40a9bc4
-
Filesize
10KB
MD5cf6451e42fc3d5cacaab23dfb286e9dd
SHA1320cb0371ed48b15dfd4839d0c2d0a1a1be60e38
SHA2564b25cde8520cb7cdc9b6a50e95b95746ab9233b5c956ff24cdd74a0150eaefc7
SHA512aa40b291a4c40767e802952f892f67304b13199aef27267ab130f9842306dea47d3bde986c5fe7abc67847b89bc937066b79c2a097f7dedd7be6423dbe0d8565
-
Filesize
41KB
MD519cafe521085d306aa66d256bce120c6
SHA1a41ae63f80dc451fb68a34f64aa86867f2cdbd6e
SHA256ce22b3fa0bb7ad842657737c51a287caea2623019fcefbea4906462f49e31894
SHA512936e0ca8f2accfaba11dc190e89ae3d19e2ba0963824e87c24ab7e1cc006cc7232163c90924a1e93abe7d602b64b4b5543544e114d9059ea56b6f28535c8527d
-
Filesize
6KB
MD5f0d3860b7df5e146eabf9de01bb6c2ed
SHA14aee3eb260f3f4c1099d205029abaff9f972648a
SHA256376e3a47f27ca12777d661d9cf2da68dfca258955ceca18e1a714cc4595fa786
SHA512c57c9ea1683af82c79cba0028107d5678e4d8caf9c9b9b7c43bc23554f31b674c0af8cd78f7f2f3bc24498cf08f93b3e319602396f12ee9f5bdfd1aafafecae4
-
Filesize
1.6MB
-
Filesize
4KB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
128KB
