2214ef5bf65914b217c331c5cce83c54d45c0a67892c6403acbe6534c468f35b | Triage

Sharing

General

Target

2022-11-23_b51fc371ec27f293bccdb3db89a27e56_mafia_nionspy
Size

344KB
Sample

221123-xamlyahd4v
MD5

b51fc371ec27f293bccdb3db89a27e56
SHA1

8912c0e45d16b9a5b1550bda8a56c8ab88ba6adf
SHA256

2214ef5bf65914b217c331c5cce83c54d45c0a67892c6403acbe6534c468f35b
SHA512

dc3bfdcd557e129f0e5e149007c43bf85528ee7d708c896447a4a2e0f4395df2d79429535660ce57e5adc8fb9c9af54f62fefc08028afde72bbc42e5b7777e5d
SSDEEP

6144:RTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:RTBPFV0RyWl3h2E+7pYm0

Score

8^/10

Malware Config

Targets

- Target
  
  2022-11-23_b51fc371ec27f293bccdb3db89a27e56_mafia_nionspy
- Size
  
  344KB
- MD5
  
  b51fc371ec27f293bccdb3db89a27e56
- SHA1
  
  8912c0e45d16b9a5b1550bda8a56c8ab88ba6adf
- SHA256
  
  2214ef5bf65914b217c331c5cce83c54d45c0a67892c6403acbe6534c468f35b
- SHA512
  
  dc3bfdcd557e129f0e5e149007c43bf85528ee7d708c896447a4a2e0f4395df2d79429535660ce57e5adc8fb9c9af54f62fefc08028afde72bbc42e5b7777e5d
- SSDEEP
  
  6144:RTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:RTBPFV0RyWl3h2E+7pYm0
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2