312e92d367594b92fd6d2f0eb31dd4e3d0686a133b78bd32010faf1e1fcda270 | Triage

Sharing

General

Target

NEAS.2023-09-08_91984738c7c41417169d9e2cc1506c97_mafia_nionspy_JC.exe
Size

344KB
Sample

231031-2gxgyaeg9x
MD5

91984738c7c41417169d9e2cc1506c97
SHA1

3be27d7e687c917dc59dfb19a673fc4c61eaef73
SHA256

312e92d367594b92fd6d2f0eb31dd4e3d0686a133b78bd32010faf1e1fcda270
SHA512

d475e9b28e51bc383812bd00367e7a79558a50fe76a9fd5c1072ffedda1e5037fc7b92becb571f0a56e4831a28239fb247a15dbdafd60d0bc0415a229b0462ba
SSDEEP

6144:yTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:yTBPFV0RyWl3h2E+7pYm0

Score

7^/10

Malware Config

Targets

- Target
  
  NEAS.2023-09-08_91984738c7c41417169d9e2cc1506c97_mafia_nionspy_JC.exe
- Size
  
  344KB
- MD5
  
  91984738c7c41417169d9e2cc1506c97
- SHA1
  
  3be27d7e687c917dc59dfb19a673fc4c61eaef73
- SHA256
  
  312e92d367594b92fd6d2f0eb31dd4e3d0686a133b78bd32010faf1e1fcda270
- SHA512
  
  d475e9b28e51bc383812bd00367e7a79558a50fe76a9fd5c1072ffedda1e5037fc7b92becb571f0a56e4831a28239fb247a15dbdafd60d0bc0415a229b0462ba
- SSDEEP
  
  6144:yTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:yTBPFV0RyWl3h2E+7pYm0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2