General

Target: 2024-11-14_a1b5f47c409a6d2b843d62efb8aceb3e_mafia
Size: 920KB
Sample: 241114-la2kbaxbjk
MD5: a1b5f47c409a6d2b843d62efb8aceb3e
SHA1: b6e08487341ebc17093df71feece0559f8f06058
SHA256: 0a5f00704efa94d82d7d9c7cb7a328a0eead3487b344d7e138e4db95af08b215
SHA512: 5a9a1bb1e04db686365c47ae45f0b037e8367c9be81e5ae9b5580f08ee11435030c89aea0f60175db94df60897283cdb1bce9284889e3aa13e7826c762edadb0
SSDEEP: 24576:lKKKKKKKKKKKKGWCWayAjnIGTQKIfP87wxv:oWCW/SDT2fP8mv

Static task: static1

Behavioral task: behavioral1
Sample: 2024-11-14_a1b5f47c409a6d2b843d62efb8aceb3e_mafia.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: 2024-11-14_a1b5f47c409a6d2b843d62efb8aceb3e_mafia

Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.