765fb1a400c46c29ec31f14c970c483d379faf4d058b22feff12e92fc209190b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-23_301c42ab0342864a25d7bdf3701c0c54_mafia_nionspy_JC.exe
Size

288KB
Sample

230903-xs4ceabh72
MD5

301c42ab0342864a25d7bdf3701c0c54
SHA1

58ecad6b8d762d2041338975d24203ea0f6c84bc
SHA256

765fb1a400c46c29ec31f14c970c483d379faf4d058b22feff12e92fc209190b
SHA512

0b36d04d9402394dc12a615d0a48baca2c236bc479bc45f304516908652d4b9541a9c27769486e768a112b246ddd4fdae519cc64e05237c96524b08528c17d78
SSDEEP

6144:6Q+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:6QMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2023-08-23_301c42ab0342864a25d7bdf3701c0c54_mafia_nionspy_JC.exe
- Size
  
  288KB
- MD5
  
  301c42ab0342864a25d7bdf3701c0c54
- SHA1
  
  58ecad6b8d762d2041338975d24203ea0f6c84bc
- SHA256
  
  765fb1a400c46c29ec31f14c970c483d379faf4d058b22feff12e92fc209190b
- SHA512
  
  0b36d04d9402394dc12a615d0a48baca2c236bc479bc45f304516908652d4b9541a9c27769486e768a112b246ddd4fdae519cc64e05237c96524b08528c17d78
- SSDEEP
  
  6144:6Q+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:6QMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2