d7a7ae36fc3023d1c47df2f4f5e6c08c2c2dc578cdd6172130bfce820d129897 | Triage

Sharing

General

Target

NEAS.2023-09-07_33b30c0dabe75db0e022fbd0344e7b3a_mafia_nionspy_JC.exe
Size

288KB
Sample

231023-yvpsgagc22
MD5

33b30c0dabe75db0e022fbd0344e7b3a
SHA1

f509b63a6d9e98da3d76b1443e4fdb311d657f35
SHA256

d7a7ae36fc3023d1c47df2f4f5e6c08c2c2dc578cdd6172130bfce820d129897
SHA512

205f675e8f8ed1a96752e84d370db1838eccb14235bbbe520c0a6002a46ca9fb1782c20232354882b0cf1fd97b28c131b598e369cce8b52f8a7e4cb4b0beba52
SSDEEP

6144:eQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:eQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  NEAS.2023-09-07_33b30c0dabe75db0e022fbd0344e7b3a_mafia_nionspy_JC.exe
- Size
  
  288KB
- MD5
  
  33b30c0dabe75db0e022fbd0344e7b3a
- SHA1
  
  f509b63a6d9e98da3d76b1443e4fdb311d657f35
- SHA256
  
  d7a7ae36fc3023d1c47df2f4f5e6c08c2c2dc578cdd6172130bfce820d129897
- SHA512
  
  205f675e8f8ed1a96752e84d370db1838eccb14235bbbe520c0a6002a46ca9fb1782c20232354882b0cf1fd97b28c131b598e369cce8b52f8a7e4cb4b0beba52
- SSDEEP
  
  6144:eQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:eQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2