db9e37485f6b5aaa52cdd48fba0e0de6fba774f95813d0b2a7ee0312ae828268 | Triage

Sharing

General

Target

2024-06-08_b746149b41efd5d88de45c7ec1cc5ced_mafia
Size

500KB
Sample

240608-z2e3aahb26
MD5

b746149b41efd5d88de45c7ec1cc5ced
SHA1

380d0e37209b83a94ff9e2cf090fbcbdaac3da37
SHA256

db9e37485f6b5aaa52cdd48fba0e0de6fba774f95813d0b2a7ee0312ae828268
SHA512

467b5815fde9941264085af7c7f73980317f725c2660041ba82f545d791dcb4a3dbd5a81b22a89b496020c08cd62ba22d3daea129582d26cc1c9fe76e11fbbf8
SSDEEP

12288:DbEqkIX9IoqwhJmWYUXBDcLP7jGKk1XKdsKFW8:DbRk++whzBIP7jCJ8

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  2024-06-08_b746149b41efd5d88de45c7ec1cc5ced_mafia
- Size
  
  500KB
- MD5
  
  b746149b41efd5d88de45c7ec1cc5ced
- SHA1
  
  380d0e37209b83a94ff9e2cf090fbcbdaac3da37
- SHA256
  
  db9e37485f6b5aaa52cdd48fba0e0de6fba774f95813d0b2a7ee0312ae828268
- SHA512
  
  467b5815fde9941264085af7c7f73980317f725c2660041ba82f545d791dcb4a3dbd5a81b22a89b496020c08cd62ba22d3daea129582d26cc1c9fe76e11fbbf8
- SSDEEP
  
  12288:DbEqkIX9IoqwhJmWYUXBDcLP7jGKk1XKdsKFW8:DbRk++whzBIP7jCJ8
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2