9bd303406bd35b6957ff4034cb8aaf893dd2a40641e925387d811d96ca423182 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-12_dbdc9617c0dabcf6981023d9396a4f6e_mafia
Size

184KB
Sample

240912-th8mlasgrf
MD5

dbdc9617c0dabcf6981023d9396a4f6e
SHA1

152765997c18d2cb5cc0874fa4b99b74c368c745
SHA256

9bd303406bd35b6957ff4034cb8aaf893dd2a40641e925387d811d96ca423182
SHA512

c700523ee3b5556908b28b078bcb53cb17a2a95f3ce35936fa628c0009977b3c3368b025799b282b56707b491a2dbdbcf3229190685451914b653ad8c8e2371f
SSDEEP

3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO37Y:/7BSH8zUB+nGESaaRvoB7FJNndnJ

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  2024-09-12_dbdc9617c0dabcf6981023d9396a4f6e_mafia
- Size
  
  184KB
- MD5
  
  dbdc9617c0dabcf6981023d9396a4f6e
- SHA1
  
  152765997c18d2cb5cc0874fa4b99b74c368c745
- SHA256
  
  9bd303406bd35b6957ff4034cb8aaf893dd2a40641e925387d811d96ca423182
- SHA512
  
  c700523ee3b5556908b28b078bcb53cb17a2a95f3ce35936fa628c0009977b3c3368b025799b282b56707b491a2dbdbcf3229190685451914b653ad8c8e2371f
- SSDEEP
  
  3072:/MzsU0S0w8Hp9Rc/LB+dJGESR4hIRSYaVvb1NVFJNndnO37Y:/7BSH8zUB+nGESaaRvoB7FJNndnJ
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution