54ba13a32389b061a3b6931525cb1f3e5bc82a970c2cec23c9e31c075cd9d507 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-22_1c844da0cd1cdcc156a6e65c97776552_mafia_nionspy_JC.exe
Size

328KB
Sample

230902-skqzwsea97
MD5

1c844da0cd1cdcc156a6e65c97776552
SHA1

55c0a834ff62893d15e1b4731ebb42c7211e5b03
SHA256

54ba13a32389b061a3b6931525cb1f3e5bc82a970c2cec23c9e31c075cd9d507
SHA512

77018df42b6f3be24891a51b11a3b97adb38903d8c93a0f94c87855837161f33d75f4a364d5f498f89ecb35dcbc28ccbb257018814a837d98fdbe4c127ebe08d
SSDEEP

6144:82+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v:82TFafJiHCWBWPMjVWrXf1v

Score

7^/10

Malware Config

Targets

- Target
  
  2023-08-22_1c844da0cd1cdcc156a6e65c97776552_mafia_nionspy_JC.exe
- Size
  
  328KB
- MD5
  
  1c844da0cd1cdcc156a6e65c97776552
- SHA1
  
  55c0a834ff62893d15e1b4731ebb42c7211e5b03
- SHA256
  
  54ba13a32389b061a3b6931525cb1f3e5bc82a970c2cec23c9e31c075cd9d507
- SHA512
  
  77018df42b6f3be24891a51b11a3b97adb38903d8c93a0f94c87855837161f33d75f4a364d5f498f89ecb35dcbc28ccbb257018814a837d98fdbe4c127ebe08d
- SSDEEP
  
  6144:82+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v:82TFafJiHCWBWPMjVWrXf1v
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2