mafiaware666 | 6009295f55109ad05e2c663c53b696ce632367c328d243facde3f33cf983ff39

Sharing

Copy URL

Twitter E-mail

General

Target

skull.zip
Size

4.5MB
Sample

250204-kqsrns1qdt
MD5

a5a325d5be85187c20dd37d3682e98a7
SHA1

e7e99c47da089777bf073f25a183ff83bb512673
SHA256

6009295f55109ad05e2c663c53b696ce632367c328d243facde3f33cf983ff39
SHA512

bc6f29a581158efa8eb449566c275f69feec275aa8a483df7bdd3ab002394fbf14d195bff1fa7d46044e9faad3d725c4102ea61fb94f93e138ccc486165f9281
SSDEEP

98304:z+nu9K6bWSqM09bo5RXfaTtRCEWduUheYzeatGJ+25LksfQ:zW6gMmM/fGRCCUAQVGJ+IIsI

Score

10^/10

Malware Config

Targets

- Target
  
  Install dependencies.bat
- Size
  
  1KB
- MD5
  
  eb4b04fbf3be04946d84a01ede5cbe9a
- SHA1
  
  c03837830a409c2ef177925bd3e4ec9544cc5031
- SHA256
  
  f545d644196419b41eadae3f0846888c396284cc148c780916c0d96a07f71b40
- SHA512
  
  42dae275458e8f23383285087cda5dad95bfee58bdb86dc1b6c07373296e35f99fd3c249fe022a5bbd3e9b0a465b6231922267fb330d6b5febeb7a731d320749
Score

1^/10
behavioral1
- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral2
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral3
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral4
- Target
  
  Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral5
- Target
  
  SKullUI.dll
- Size
  
  95KB
- MD5
  
  0c693fdf5031de28e139121866d4e71f
- SHA1
  
  d4e3f81ce0ac00efbc537b6aa4ebc07f039aaf9a
- SHA256
  
  3788b42e87c69c077868856b07c03e8606e0f49389c947231701100d99337e1c
- SHA512
  
  4298a579eea032e794ac4aaa2e18c793fbe0d3f33a2f8e948fde510427e604f06072b71703183c9ca88c73a805627187241f47845a9f16822243388ae5cb42af
- SSDEEP
  
  1536:gOTgjZ0JbSfMuafhOWR42zxMVY6dTPr/Wa5iiphLuM/APHV5y6SlSW8zXR:bT+WytdTPr/WAbK7Pby6S+zXR
Score

1^/10
behavioral6
- Target
  
  libcrypto-3-x64.dll
- Size
  
  5.0MB
- MD5
  
  54ca3e6afcb3c57c7914c0856d779f2a
- SHA1
  
  e37be8d92350aa1f9dd3212015de959faa58aa2f
- SHA256
  
  7aed0bc00d2f0ca0de95eaa6461327bd2e4543723a6ca443a7e899738b353b5a
- SHA512
  
  e8079e9d4bfa253677a669913f8198882c2eaaf9251f11cfa64eed5597c34ab7c267bed3826ad9f0a83675177a7575af54081852a5a633d999bd13cf873a79e8
- SSDEEP
  
  98304:UlAXTY8BwEVQ1qb0Oev71CPwDvt3uFRnCLF:UlAXTY8BFVQ1qAOi1CPwDvt3uFRnCLF
Score

1^/10
behavioral7
- Target
  
  libssl-3-x64.dll
- Size
  
  1.3MB
- MD5
  
  d66acb55a9f095a24865c9d883f96fd1
- SHA1
  
  cc8cb0a1d460fc0ef5a941bc5cd45e29ca7ef527
- SHA256
  
  7ae563b23164ec5994dbc24bce536b33df80c40de5ca97d64fe84a5dac34788e
- SHA512
  
  35c04c6f5f66d4585bba8fe48f2b470af7d6e366e9b9cb3ce0712818c5b1504c9e492a4d148164adf28793cc55b2ac58d3df28fb00f94033ddcb6e18ecce0227
- SSDEEP
  
  12288:9jq84j6NgABFeE4KFq/aXn0ENEoPxV6yatOUH3eKyG8xqU+TMruSoE7y:9m8hCuTrYKpYOK7phTMruSoE7y
Score

1^/10
behavioral8
- Target
  
  skull.dll
- Size
  
  1.3MB
- MD5
  
  538ce914853d942471aca19f7344ee45
- SHA1
  
  d34ea715f5ac65a61f753119ec1534dd712a37e1
- SHA256
  
  887ea84d65f10821d48dcb3678dc8834338d1e2e13915f6b6b02971a2fb0bcf2
- SHA512
  
  f487a9c7cd301ecc51b8f5890e1aa223b9f4373aba3e75d71cba0e3bcbdf7032a365bd23e8ae19520bfa90962c6cd36410bb7f83f8f173b25f2ec1f87592cd03
- SSDEEP
  
  24576:1IdKiywcIFdxMJm2yOCvDLuMyw+wwZzNggeCaGtNm1pKy:1IdKiIgpvDKMz+9ZzNgKaK41z
Score

1^/10
behavioral9
- Target
  
  skull.exe
- Size
  
  1.3MB
- MD5
  
  3dce90e3a6daa8810d0dec78fd960e7d
- SHA1
  
  d44f4aa742092f33ec60264e15f09fd127a7bb87
- SHA256
  
  096ef1633a1e4b28ea46406a6324998b5f4dc59f6596c3dfbe7d6ee403186733
- SHA512
  
  bd68ff08882a61bbc4d51ca4ae2e055e20db853c79f6ea0dd5867e673af38785ddc4f992c1891ecf6d658bba89556b23797d708f3d7ca1da1eb4332f9a2ea84c
- SSDEEP
  
  24576:RTSTiRsBE12BIVpT2QhYpAILUo/g9QZqpMC3QVbIoTdWR8SfEuGujqZF13z8H81:RT7RseZDT2tSbvQsIbe8YVjPH81
Score

10^/10

mafiaware666 discovery ransomware
- Detect MafiaWare666 ransomware
- MafiaWare666 Ransomware
  MafiaWare666 is ransomware written in C# with multiple variants.
  ransomware mafiaware666
- Mafiaware666 family
  mafiaware666
- Renames multiple (75) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops desktop.ini file(s)
behavioral10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect MafiaWare666 ransomware

MafiaWare666 Ransomware

Mafiaware666 family

Renames multiple (75) files with added filename extension

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10