General

  • Target

    2024-11-14_a1b5f47c409a6d2b843d62efb8aceb3e_mafia

  • Size

    920KB

  • Sample

    241114-la2kbaxbjk

  • MD5

    a1b5f47c409a6d2b843d62efb8aceb3e

  • SHA1

    b6e08487341ebc17093df71feece0559f8f06058

  • SHA256

    0a5f00704efa94d82d7d9c7cb7a328a0eead3487b344d7e138e4db95af08b215

  • SHA512

    5a9a1bb1e04db686365c47ae45f0b037e8367c9be81e5ae9b5580f08ee11435030c89aea0f60175db94df60897283cdb1bce9284889e3aa13e7826c762edadb0

  • SSDEEP

    24576:lKKKKKKKKKKKKGWCWayAjnIGTQKIfP87wxv:oWCW/SDT2fP8mv

Malware Config

Targets

    • Target

      2024-11-14_a1b5f47c409a6d2b843d62efb8aceb3e_mafia

    • Deletes shadow copies

      Ransomware commonly deletes Volume Shadow Copies and other local backups so the victim cannot roll files back after encryption (ATT&CK T1490, Inhibit System Recovery).

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the sample can refuse to run on machines in particular regions (ATT&CK T1614, System Location Discovery).

    • Drops startup file

      Writes a file into a startup location so that it is executed again at the next logon, a common persistence mechanism (ATT&CK T1547.001, Registry Run Keys / Startup Folder).

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and session tokens (ATT&CK T1555.003, Credentials from Web Browsers).

    • Drops autorun.inf file

      Malware can abuse the Windows AutoRun mechanism to spread to removable or attached volumes (ATT&CK T1091, Replication Through Removable Media). Note that since Windows 7 AutoRun from autorun.inf is disabled by default for USB storage, so a dropped autorun.inf mainly affects older or misconfigured hosts.
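The "Deletes shadow copies" and "Drops autorun.inf file" signatures above are the two behaviours in this report that translate most directly into host detection logic. The following is an added example written for this page, not code from the sandbox or from the sample's analysis: it classifies process-creation and file-creation events of the shape Sysmon produces (Event ID 1 and 11, reduced to the fields used here), matching the usual recovery-inhibition command lines and autorun.inf writes, and raises severity when the acting process lives under a user-writable path. All event records, paths and command lines are constructed for the demonstration and are not taken from this sample's run.

```python
"""Detection logic for shadow-copy deletion and autorun.inf drops.

Added example, not part of the sandbox report. Events are constructed to
resemble Sysmon process-create / file-create records; the paths and command
lines are hypothetical, not observations from the analysed sample.
"""
import re
from typing import Dict, List, Optional, Tuple

# Command lines that inhibit recovery. Matching is case-insensitive and keyed
# on the tool name plus the destructive verb, so a harmless listing such as
# "vssadmin list shadows" does not fire.
RECOVERY_INHIBIT_PATTERNS = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("vssadmin_resize_shadowstorage",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("powershell_win32_shadowcopy",
     re.compile(r"Win32_ShadowCopy\b.*\b(Delete|Remove-WmiObject|Remove-CimInstance)\b", re.I)),
    ("wbadmin_delete_catalog",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
    ("bcdedit_disable_recovery",
     re.compile(r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
]

# autorun.inf written directly to a volume root is the spreading pattern;
# the same file elsewhere is still worth a look but far less specific.
_AUTORUN_AT_ROOT = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.I)

# An acting image under a user-writable path raises confidence: installers
# and backup agents run from Program Files, droppers usually from Temp/AppData.
_USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\|\\Temp\\", re.I)


def classify_process(cmdline: str) -> Optional[str]:
    """Return the recovery-inhibition label matching this command line, or None."""
    for label, pattern in RECOVERY_INHIBIT_PATTERNS:
        if pattern.search(cmdline):
            return label
    return None


def classify_file_write(target: str) -> Optional[str]:
    """Flag creation of autorun.inf, distinguishing a volume-root write."""
    if target.rsplit("\\", 1)[-1].lower() != "autorun.inf":
        return None
    return "autorun_inf_volume_root" if _AUTORUN_AT_ROOT.match(target) else "autorun_inf"


def suspicious_parent(image: str) -> bool:
    """True when the acting image sits in a user-writable location."""
    return bool(_USER_WRITABLE.search(image))


def scan(events: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (label, severity, detail) for every event that fires."""
    hits = []
    for ev in events:
        if ev["type"] == "process":
            label, actor, detail = classify_process(ev["cmdline"]), ev["parent"], ev["cmdline"]
        elif ev["type"] == "file":
            label, actor, detail = classify_file_write(ev["target"]), ev["image"], ev["target"]
        else:
            continue
        if label:
            hits.append((label, "high" if suspicious_parent(actor) else "medium", detail))
    return hits


# Constructed sample telemetry (hypothetical paths and command lines).
DROPPER = r"C:\Users\user\AppData\Local\Temp\sample.exe"
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "process", "image": r"C:\Windows\System32\vssadmin.exe", "parent": DROPPER,
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"type": "process", "image": r"C:\Windows\System32\wbem\WMIC.exe", "parent": DROPPER,
     "cmdline": "wmic shadowcopy delete"},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": DROPPER,
     "cmdline": "powershell -c Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"},
    {"type": "process", "image": r"C:\Windows\System32\bcdedit.exe", "parent": DROPPER,
     "cmdline": "bcdedit /set {default} recoveryenabled No"},
    # Benign: an administrator listing shadow copies from a console is not deletion.
    {"type": "process", "image": r"C:\Windows\System32\vssadmin.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "vssadmin list shadows"},
    {"type": "file", "image": DROPPER, "target": r"E:\autorun.inf"},
    {"type": "file", "image": DROPPER, "target": r"C:\Users\user\Documents\notes.txt"},
    # Same artefact from an installer in Program Files: still flagged, lower severity.
    {"type": "file", "image": r"C:\Program Files\Contoso\Installer\setup.exe",
     "target": r"D:\autorun.inf"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(*hit, sep="\t")
```

The patterns deliberately require the destructive verb rather than the tool name alone; alerting on every `vssadmin.exe` launch is the classic source of noise from backup software and administrators. In a real pipeline the severity would also consider whether the acting process is signed and how many recovery-inhibition commands fire within a short window from the same parent, since ransomware typically issues several in quick succession.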

MITRE ATT&CK Enterprise v15