759c6c0585c0936c410a686c8bf9cd16d1a6968d09773891877a7d3be16d9b1b | Triage

Sharing

General

Target

2024-01-25_4407e5b6b8759ce66f87159f69172467_mafia_nionspy
Size

274KB
Sample

240125-cwsd4aebh8
MD5

4407e5b6b8759ce66f87159f69172467
SHA1

545be6adcbe98bc260db1a367129ab29f5960e7a
SHA256

759c6c0585c0936c410a686c8bf9cd16d1a6968d09773891877a7d3be16d9b1b
SHA512

5dad9a194efb8618771eda652b93fb913bc759c96c65c0955e4594da7198ac4c9309aeabac6da3513c754deedfdd4e6d4225c9644b7018bdf20823d397499527
SSDEEP

6144:8YvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:8YvEbrUjp3SpWggd3JBPlPDIQ3g

Score

7^/10

Malware Config

Targets

- Target
  
  2024-01-25_4407e5b6b8759ce66f87159f69172467_mafia_nionspy
- Size
  
  274KB
- MD5
  
  4407e5b6b8759ce66f87159f69172467
- SHA1
  
  545be6adcbe98bc260db1a367129ab29f5960e7a
- SHA256
  
  759c6c0585c0936c410a686c8bf9cd16d1a6968d09773891877a7d3be16d9b1b
- SHA512
  
  5dad9a194efb8618771eda652b93fb913bc759c96c65c0955e4594da7198ac4c9309aeabac6da3513c754deedfdd4e6d4225c9644b7018bdf20823d397499527
- SSDEEP
  
  6144:8YvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:8YvEbrUjp3SpWggd3JBPlPDIQ3g
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2