69bdeb53d52c6361d9c868df9d27c9ba20b92cef6d8e923718b473acb372f6c1 | Triage

Sharing

General

Target

2022-11-23_d59a7a275f0aa9101c6f92ad44da6192_mafia_nionspy
Size

344KB
Sample

221123-xanh8shd5v
MD5

d59a7a275f0aa9101c6f92ad44da6192
SHA1

81da6f5e9e096b427f01726df5865f98cdc7479d
SHA256

69bdeb53d52c6361d9c868df9d27c9ba20b92cef6d8e923718b473acb372f6c1
SHA512

6c7cf23265ff00d9668c3ae298d17f15876e6c0c3caccf3b347b0b4306d29c170935eea7d58d2f004186fd08d64bc22c3df0398b736708789d7e88b42c2c6e44
SSDEEP

6144:qTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:qTBPFV0RyWl3h2E+7pYm0

Score

8^/10

Malware Config

Targets

- Target
  
  2022-11-23_d59a7a275f0aa9101c6f92ad44da6192_mafia_nionspy
- Size
  
  344KB
- MD5
  
  d59a7a275f0aa9101c6f92ad44da6192
- SHA1
  
  81da6f5e9e096b427f01726df5865f98cdc7479d
- SHA256
  
  69bdeb53d52c6361d9c868df9d27c9ba20b92cef6d8e923718b473acb372f6c1
- SHA512
  
  6c7cf23265ff00d9668c3ae298d17f15876e6c0c3caccf3b347b0b4306d29c170935eea7d58d2f004186fd08d64bc22c3df0398b736708789d7e88b42c2c6e44
- SSDEEP
  
  6144:qTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:qTBPFV0RyWl3h2E+7pYm0
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2