General

  • Target

    2024-08-25_b09c95da42bef56442b599edb1d97283_mafia

  • Size

    8.2MB

  • Sample

    240825-rdpmtazclj

  • MD5

    b09c95da42bef56442b599edb1d97283

  • SHA1

    adfbeca04e7ddbfdfab0b3e43a4ab3fb7226b7f8

  • SHA256

    0592ccf2504ece3c2c9245e7fdd4d03f4f0353a4a5e74cfa49952a1f6e329e8f

  • SHA512

    f3634878d63d09db9c40207b883d1439f45efe3536a6835ca078f7b8ffb85c5420d86771d748fdc0e7788c3fe66077717d9df241c13e6f85464bfd7d18b53da0

  • SSDEEP

    196608:na0vvN3x9OLIiOK8A+zZd3j85rbz0lHU3zOtlZLwWtt3S2:VN3+LY7inz0MzOrZLnHV

Score
9/10

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
