General

  • Target

    2022-11-23_b51fc371ec27f293bccdb3db89a27e56_mafia_nionspy

  • Size

    344KB

  • Sample

    221123-xamlyahd4v

  • MD5

    b51fc371ec27f293bccdb3db89a27e56

  • SHA1

    8912c0e45d16b9a5b1550bda8a56c8ab88ba6adf

  • SHA256

    2214ef5bf65914b217c331c5cce83c54d45c0a67892c6403acbe6534c468f35b

  • SHA512

    dc3bfdcd557e129f0e5e149007c43bf85528ee7d708c896447a4a2e0f4395df2d79429535660ce57e5adc8fb9c9af54f62fefc08028afde72bbc42e5b7777e5d

  • SSDEEP

    6144:RTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:RTBPFV0RyWl3h2E+7pYm0

Score
8/10

Targets

    • Target

      2022-11-23_b51fc371ec27f293bccdb3db89a27e56_mafia_nionspy

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2
