General

  • Target

    2024-05-26_ddaec9851414d47ebc2c4ff204570cd7_mafia

  • Size

    2.9MB

  • Sample

    240526-eh5tdaeb2z

  • MD5

    ddaec9851414d47ebc2c4ff204570cd7

  • SHA1

    35b8c7cdc3bcc4a606b36fcbfd797de535300eeb

  • SHA256

    b90ebe6b57cf9b036b6b751a2431d7b782a619dbc18ea03bdf5f5211ab312715

  • SHA512

    43e889261bceb0732150e2505d351e9097b23766f1cf3965c9a33a8345f9e3ffe086c5f0833609c2b8e321f3383ba582a0ccc7e67fff8cebf4df7c0658e00321

  • SSDEEP

    49152:GIBnIYp4t6oT4QLrUl43SzuXmQ7l2mCK+MTYNG0Zms3Xkp88q9ZgOC:GIBIYdQLw6iiWmXTkrlk3q9a

Targets

    • Banload

      Banload variants download malicious files, then install and execute the files.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Virtualization/Sandbox Evasion (T1497), 1 hit

  • Discovery

    Query Registry (T1012), 2 hits
    Virtualization/Sandbox Evasion (T1497), 1 hit
    System Information Discovery (T1082), 1 hit