ba660203a1b789527fb1f4d73d3c1af1561a9564de4851594e984eed751c95c7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-08_d350d190f20cb241746317948523b8c4_mafia
Size

184KB
Sample

240908-lv2e2syhlq
MD5

d350d190f20cb241746317948523b8c4
SHA1

d3771d2ad1e47c95d0572bd6384884b8da06f153
SHA256

ba660203a1b789527fb1f4d73d3c1af1561a9564de4851594e984eed751c95c7
SHA512

94a729114edbe386acd74d770fc2adfe2f786859dfe9b3d724c6e6799efb1b6aab50e535effa0eddde3039d51b43a04423e2c056c85b814fe6d605f0dbf92ea1
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3w:/7BSH8zUB+nGESaaRvoB7FJNndnZ

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  2024-09-08_d350d190f20cb241746317948523b8c4_mafia
- Size
  
  184KB
- MD5
  
  d350d190f20cb241746317948523b8c4
- SHA1
  
  d3771d2ad1e47c95d0572bd6384884b8da06f153
- SHA256
  
  ba660203a1b789527fb1f4d73d3c1af1561a9564de4851594e984eed751c95c7
- SHA512
  
  94a729114edbe386acd74d770fc2adfe2f786859dfe9b3d724c6e6799efb1b6aab50e535effa0eddde3039d51b43a04423e2c056c85b814fe6d605f0dbf92ea1
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO3w:/7BSH8zUB+nGESaaRvoB7FJNndnZ
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution