ff748ec5f5eb3edd1716f78faf2969c0142a103ef918ef587ec2033f076d5dca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-25_3ba1877b64899907d82cabd98790218a_mafia_nionspy_JC.exe
Size

280KB
Sample

231014-d6re8aea7t
MD5

3ba1877b64899907d82cabd98790218a
SHA1

c05ccd6bcdf1e419eabb9d31e0a4e16436ed2cbf
SHA256

ff748ec5f5eb3edd1716f78faf2969c0142a103ef918ef587ec2033f076d5dca
SHA512

a966867f0de011cd19e98a2bafc85b4a85f76a26eb8beae231c85becb7bc1ed156af9673b838430f464c3ebb971b405255dc5b94d72c0413e41d4935a28b3da6
SSDEEP

6144:XQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:XQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2023-08-25_3ba1877b64899907d82cabd98790218a_mafia_nionspy_JC.exe
- Size
  
  280KB
- MD5
  
  3ba1877b64899907d82cabd98790218a
- SHA1
  
  c05ccd6bcdf1e419eabb9d31e0a4e16436ed2cbf
- SHA256
  
  ff748ec5f5eb3edd1716f78faf2969c0142a103ef918ef587ec2033f076d5dca
- SHA512
  
  a966867f0de011cd19e98a2bafc85b4a85f76a26eb8beae231c85becb7bc1ed156af9673b838430f464c3ebb971b405255dc5b94d72c0413e41d4935a28b3da6
- SSDEEP
  
  6144:XQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:XQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2