General

  • Target

    2024-11-14_136fde2b5f19dbf5d449af249fa5a71b_mafia

  • Size

    920KB

  • Sample

    241114-k28l9swhrr

  • MD5

    136fde2b5f19dbf5d449af249fa5a71b

  • SHA1

    ace82f4649c5d58f114bd07966a94bfea3b3e579

  • SHA256

    ef5e5a96b851cad79eefde9ac180f619eae740b1528c39dda6989d024555bee6

  • SHA512

    69896e8dcc97b42ffdf25a4590b869dfc05014cb9a83783e3c5dd13cdc4618b906a6f0335b35f6935e0a17756ab0b1a54e9da03a056baf20efdf34e5fb8118b9

  • SSDEEP

    24576:lKKKKKKKKKKKKKGWCLayAjnIGTQKIfP87wxv:HWCL/SDT2fP8mv

Malware Config

Targets

    • Target

      2024-11-14_136fde2b5f19dbf5d449af249fa5a71b_mafia

    • Size

      920KB

    • MD5

      136fde2b5f19dbf5d449af249fa5a71b

    • SHA1

      ace82f4649c5d58f114bd07966a94bfea3b3e579

    • SHA256

      ef5e5a96b851cad79eefde9ac180f619eae740b1528c39dda6989d024555bee6

    • SHA512

      69896e8dcc97b42ffdf25a4590b869dfc05014cb9a83783e3c5dd13cdc4618b906a6f0335b35f6935e0a17756ab0b1a54e9da03a056baf20efdf34e5fb8118b9

    • SSDEEP

      24576:lKKKKKKKKKKKKKGWCLayAjnIGTQKIfP87wxv:HWCL/SDT2fP8mv

    • Deletes shadow copies

      Removes Volume Shadow Copy (VSS) snapshots, which Windows uses for System Restore and file-version recovery. Ransomware routinely deletes them (for example via vssadmin, wmic or WMI) so the victim cannot roll back encrypted files without external backups.

    • Checks computer location settings

      Looks up the country code configured in the registry. This is a common geofencing check: malware compares the value against a list of excluded regions and exits or stays dormant if the machine appears to be in one of them.

    • Drops startup file

      Writes a file into a Startup folder so that it is launched automatically at user logon, a simple persistence mechanism.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and browsing history.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
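
The five behaviours listed above are all observable from a process-creation, registry-access and file-write log, and each can be written as a simple detection rule. The following is an added example, not part of the sandbox report and not the sandbox's own signature logic; the event tuples, process names and paths are constructed for illustration and were not taken from this sample's run.

```python
import re

# Constructed sample events (not from the sandbox run on this page). Each entry is
# (event kind, acting process, target): a command line for "process" events, a key
# path for "registry_read", and a file path for "file_write" / "file_read".
SAMPLE_EVENTS = [
    ("process", "cmd.exe", "vssadmin.exe delete shadows /all /quiet"),
    ("process", "powershell.exe", "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"),
    ("process", "wbadmin.exe", "wbadmin delete catalog -quiet"),
    ("registry_read", "sample.exe", r"HKCU\Control Panel\International\Geo\Nation"),
    ("file_write", "sample.exe",
     r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"),
    ("file_read", "sample.exe", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_write", "sample.exe", r"E:\autorun.inf"),
    ("process", "explorer.exe", "notepad.exe readme.txt"),  # benign, should not match
]

# Signature name -> (event kind it applies to, pattern on the target field).
# Patterns are hypothetical approximations of the report's signature names.
RULES = {
    "Deletes shadow copies": ("process", re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows"
        r"|wmic(\.exe)?\s+shadowcopy\s+delete"
        r"|win32_shadowcopy.*delete"
        r"|wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    # Geo\Nation holds the GeoID the user configured as their location.
    "Checks computer location settings": ("registry_read", re.compile(
        r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    "Drops startup file": ("file_write", re.compile(
        r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)),
    # Chromium credential/cookie stores and Firefox login databases.
    "Reads user/profile data of web browsers": ("file_read", re.compile(
        r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)),
    "Drops autorun.inf file": ("file_write", re.compile(
        r"^[A-Z]:\\autorun\.inf$", re.I)),
}


def match_events(events):
    """Return {signature name: [(process, target), ...]} for every rule."""
    hits = {name: [] for name in RULES}
    for kind, process, target in events:
        for name, (want_kind, pattern) in RULES.items():
            if kind == want_kind and pattern.search(target):
                hits[name].append((process, target))
    return hits


def triggered(events):
    """Sorted list of signature names with at least one matching event."""
    return sorted(name for name, found in match_events(events).items() if found)


if __name__ == "__main__":
    for name, found in match_events(SAMPLE_EVENTS).items():
        print(f"{name}: {len(found)} hit(s)")
        for process, target in found:
            print(f"    {process} -> {target}")
```

The shadow-copy rule is the one most worth tuning in production: vssadmin, wbadmin and WMI shadow-copy deletion are also run by legitimate backup agents and administrators, so correlate the hit with the parent process (an Office document or an unsigned binary in a user profile spawning vssadmin is far more suspicious than a backup service doing so) before alerting.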

MITRE ATT&CK Enterprise v15

Tasks