General

Target: 2024-11-14_136fde2b5f19dbf5d449af249fa5a71b_mafia
Size: 920KB
Sample: 241114-k28l9swhrr
MD5: 136fde2b5f19dbf5d449af249fa5a71b
SHA1: ace82f4649c5d58f114bd07966a94bfea3b3e579
SHA256: ef5e5a96b851cad79eefde9ac180f619eae740b1528c39dda6989d024555bee6
SHA512: 69896e8dcc97b42ffdf25a4590b869dfc05014cb9a83783e3c5dd13cdc4618b906a6f0335b35f6935e0a17756ab0b1a54e9da03a056baf20efdf34e5fb8118b9
SSDEEP: 24576:lKKKKKKKKKKKKKGWCLayAjnIGTQKIfP87wxv:HWCL/SDT2fP8mv

Static task: static1
Behavioral task: behavioral1
Sample: 2024-11-14_136fde2b5f19dbf5d449af249fa5a71b_mafia.exe
Resource: win7-20240903-en

Malware Config
Targets
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.