General
-
Target
2024-07-01_aeb10fa25923fc562f7708883ecf9061_mafia
-
Size
906KB
-
Sample
240701-htf6yasbpm
-
MD5
aeb10fa25923fc562f7708883ecf9061
-
SHA1
7055331940e8429944bd3150a1ed437af55c8360
-
SHA256
6cd97c8eef147ddaa39fe587e3cc067389f0b1553a5c2445433d91d26f897860
-
SHA512
c22e52fe5d149c7922cd8ca105841918dff180e6de024ebfa65a0be34463b41a5d8f0ce34fa2369375bdc1c3ded23fccae79d53e15fe6eea03019d43c6e5dbef
-
SSDEEP
12288:xUHzKufgk0IpzpXxsPsM+80/9OCOaVLR7g1xGkgBaFSkYu8DU0OYhLu0O49gY4B:SHVfSIpzpBsGACO0LRs1kk6i6uKVOu4B
Malware Config
Targets
-
-
Target
2024-07-01_aeb10fa25923fc562f7708883ecf9061_mafia
-
Size
906KB
-
MD5
aeb10fa25923fc562f7708883ecf9061
-
SHA1
7055331940e8429944bd3150a1ed437af55c8360
-
SHA256
6cd97c8eef147ddaa39fe587e3cc067389f0b1553a5c2445433d91d26f897860
-
SHA512
c22e52fe5d149c7922cd8ca105841918dff180e6de024ebfa65a0be34463b41a5d8f0ce34fa2369375bdc1c3ded23fccae79d53e15fe6eea03019d43c6e5dbef
-
SSDEEP
12288:xUHzKufgk0IpzpXxsPsM+80/9OCOaVLR7g1xGkgBaFSkYu8DU0OYhLu0O49gY4B:SHVfSIpzpBsGACO0LRs1kk6i6uKVOu4B
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-