e550172994202072ad46789d5004d4811a4f9e7f69b4766682b66860536cf1d3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-09_d8b858102e091121aeed54224a4c2123_mafia_nionspy
Size

327KB
Sample

240110-grkwnsheel
MD5

d8b858102e091121aeed54224a4c2123
SHA1

cb6f48247ac2fdf56e0261578abaff90c86625be
SHA256

e550172994202072ad46789d5004d4811a4f9e7f69b4766682b66860536cf1d3
SHA512

ae1d0ed47590e3212890e183cd49cd31e845e0fb0d9034f7e5f900d8b690a0943aa4fc2ee2b558ce45ee9d2c2a11377a1cb9b06d2c221154bb68875b5f2aa1c7
SSDEEP

6144:p2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:p2TFafJiHCWBWPMjVWrXK0

Score

7^/10

Malware Config

Targets

- Target
  
  2024-01-09_d8b858102e091121aeed54224a4c2123_mafia_nionspy
- Size
  
  327KB
- MD5
  
  d8b858102e091121aeed54224a4c2123
- SHA1
  
  cb6f48247ac2fdf56e0261578abaff90c86625be
- SHA256
  
  e550172994202072ad46789d5004d4811a4f9e7f69b4766682b66860536cf1d3
- SHA512
  
  ae1d0ed47590e3212890e183cd49cd31e845e0fb0d9034f7e5f900d8b690a0943aa4fc2ee2b558ce45ee9d2c2a11377a1cb9b06d2c221154bb68875b5f2aa1c7
- SSDEEP
  
  6144:p2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:p2TFafJiHCWBWPMjVWrXK0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2