General
-
Target
2024-08-21_b95b0b558379a7f41fee9513a914e547_mafia
-
Size
5.1MB
-
Sample
240821-hh2y9svbjg
-
MD5
b95b0b558379a7f41fee9513a914e547
-
SHA1
9b47ca8e02a41fff4cf2b627c64f00ab806deeba
-
SHA256
26d8f4296fc74002aad6375a24a117b4448521623e3891a31390c614406b51a1
-
SHA512
6e34a7a5ad3905bc34423ad2ed877218601abd3553116c6df488d933bdc41c0dde7ad00d3e1ac18d3ee91366bc760b8b1bc7c31e42730882e7b513663ad405a6
-
SSDEEP
49152:zCnZ0c2C4RG2WcMl1Du9pNAhhIuODDvu+3h9mYdh5ZeqeDIs6d57+/cTy1vdZ3PC:WPcUHlUFAhavx3h9XhPeqeDlX3uk
Static task
static1
Behavioral task
behavioral1
Sample
2024-08-21_b95b0b558379a7f41fee9513a914e547_mafia.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2024-08-21_b95b0b558379a7f41fee9513a914e547_mafia.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-