cd62c6ff30bcd1a46a3548bc02e04061bb4b7a8e6cb5d6426c82a258fd96392b | Triage

Sharing

General

Target

2023-08-27_4c37ec3072feeb2fc78fe17a177c26d2_mafia_nionspy_JC.exe
Size

288KB
Sample

231002-xh7bbadh3y
MD5

4c37ec3072feeb2fc78fe17a177c26d2
SHA1

0fd1189488dabd7e1d29ed18c7a42df9fcdd3b1c
SHA256

cd62c6ff30bcd1a46a3548bc02e04061bb4b7a8e6cb5d6426c82a258fd96392b
SHA512

5d785899e75954bddb44f81bc500d8d4591a1644903bde54c112f5e7ef68c3a3c4b750f2ed467ef1a6af6159883cd4dd59f95aa109dab830e5afd59ac993c67b
SSDEEP

6144:GQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:GQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2023-08-27_4c37ec3072feeb2fc78fe17a177c26d2_mafia_nionspy_JC.exe
- Size
  
  288KB
- MD5
  
  4c37ec3072feeb2fc78fe17a177c26d2
- SHA1
  
  0fd1189488dabd7e1d29ed18c7a42df9fcdd3b1c
- SHA256
  
  cd62c6ff30bcd1a46a3548bc02e04061bb4b7a8e6cb5d6426c82a258fd96392b
- SHA512
  
  5d785899e75954bddb44f81bc500d8d4591a1644903bde54c112f5e7ef68c3a3c4b750f2ed467ef1a6af6159883cd4dd59f95aa109dab830e5afd59ac993c67b
- SSDEEP
  
  6144:GQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:GQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2