b49f66cf206cfab8ff63fc7b126dfdaa4360290a2229a562b5057087f5f78958 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-10_1f9f692e7b75351b0116cb696fa60027_mafia_nionspy
Size

280KB
Sample

240111-ggvm5afhgm
MD5

1f9f692e7b75351b0116cb696fa60027
SHA1

8553c61d42f91fda72cbb79bbe1368f9e40eb58c
SHA256

b49f66cf206cfab8ff63fc7b126dfdaa4360290a2229a562b5057087f5f78958
SHA512

5e084214d47bd7beba269a7c60d9dcc4fd6dc65412a59c97dc21978a45dba484a01aa95564a749d70508ad381111cd3e1d1fe4758d640ef348ffb2b6db0c2906
SSDEEP

6144:/Tz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:/TBPFV0RyWl3h2E+7pl

Score

7^/10

Malware Config

Targets

- Target
  
  2024-01-10_1f9f692e7b75351b0116cb696fa60027_mafia_nionspy
- Size
  
  280KB
- MD5
  
  1f9f692e7b75351b0116cb696fa60027
- SHA1
  
  8553c61d42f91fda72cbb79bbe1368f9e40eb58c
- SHA256
  
  b49f66cf206cfab8ff63fc7b126dfdaa4360290a2229a562b5057087f5f78958
- SHA512
  
  5e084214d47bd7beba269a7c60d9dcc4fd6dc65412a59c97dc21978a45dba484a01aa95564a749d70508ad381111cd3e1d1fe4758d640ef348ffb2b6db0c2906
- SSDEEP
  
  6144:/Tz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:/TBPFV0RyWl3h2E+7pl
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2