50f99d9eee6abf022c0dce5337ed8821713967833ef70e9fa543d93d15a3c42a | Triage

Sharing

General

Target

2023-08-22_60423b7325169535934487c2fbccfe31_mafia_nionspy_JC.exe
Size

288KB
Sample

230902-xdreaseg91
MD5

60423b7325169535934487c2fbccfe31
SHA1

b566a7657c670e1f6cec489f342ddb76945a29ac
SHA256

50f99d9eee6abf022c0dce5337ed8821713967833ef70e9fa543d93d15a3c42a
SHA512

44910cddeaee447ae081fcc2a9b34b80447dab5f623f561fd5efe4b954a4b8cbf99c14839e364ef85d94bc3df858c64f3d62a570034294855660b443088f2929
SSDEEP

6144:nQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:nQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2023-08-22_60423b7325169535934487c2fbccfe31_mafia_nionspy_JC.exe
- Size
  
  288KB
- MD5
  
  60423b7325169535934487c2fbccfe31
- SHA1
  
  b566a7657c670e1f6cec489f342ddb76945a29ac
- SHA256
  
  50f99d9eee6abf022c0dce5337ed8821713967833ef70e9fa543d93d15a3c42a
- SHA512
  
  44910cddeaee447ae081fcc2a9b34b80447dab5f623f561fd5efe4b954a4b8cbf99c14839e364ef85d94bc3df858c64f3d62a570034294855660b443088f2929
- SSDEEP
  
  6144:nQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:nQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2