General
-
Target
2024-06-29_d62b9c36797da734d233b75dd7650c7a_mafia
-
Size
906KB
-
Sample
240629-hx28kswdrr
-
MD5
d62b9c36797da734d233b75dd7650c7a
-
SHA1
b0298e5039675ec8203bb1ed5a6c99a01317bd2c
-
SHA256
ccc98f7f739f1648862357aa39e9e58732d57a660e9d1459ce631e0006a2b475
-
SHA512
fd541d24b67089224893730b9ccd616eda2296ec4f76800373f76875c7ee3afcc64c4db64b0ea62f24f72e54b3b79aad69486317a7a8e178e2c426f88f9a1165
-
SSDEEP
12288:MUHzKufgk0IpzpXxsPsM+80/9OCOaVLR7g1xGkgBaFSkYu8DU0OYhLu0O49gY4B:HHVfSIpzpBsGACO0LRs1kk6i6uKVOu4B
Malware Config
Targets
-
-
Target
2024-06-29_d62b9c36797da734d233b75dd7650c7a_mafia
-
Size
906KB
-
MD5
d62b9c36797da734d233b75dd7650c7a
-
SHA1
b0298e5039675ec8203bb1ed5a6c99a01317bd2c
-
SHA256
ccc98f7f739f1648862357aa39e9e58732d57a660e9d1459ce631e0006a2b475
-
SHA512
fd541d24b67089224893730b9ccd616eda2296ec4f76800373f76875c7ee3afcc64c4db64b0ea62f24f72e54b3b79aad69486317a7a8e178e2c426f88f9a1165
-
SSDEEP
12288:MUHzKufgk0IpzpXxsPsM+80/9OCOaVLR7g1xGkgBaFSkYu8DU0OYhLu0O49gY4B:HHVfSIpzpBsGACO0LRs1kk6i6uKVOu4B
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-