4112d7e0c3e71141fed161e4f8ad1d3661ad0865e6a77892595b8a8bbca7fffb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-04_11d57b1121cdb54debbfc7c1059d9425_mafia_nionspy
Size

328KB
Sample

240204-pk33nsbdej
MD5

11d57b1121cdb54debbfc7c1059d9425
SHA1

339c7f31bbc17f85dea2e7a2e9dafca72352479b
SHA256

4112d7e0c3e71141fed161e4f8ad1d3661ad0865e6a77892595b8a8bbca7fffb
SHA512

f4ecb99d5a2998434b5cb8914f175699934fe01a5619744b06fe0abdc5c764d46d1706e1aa2dfc1ffb89a3226d152a9609dfee6ed4fae4381515263c32361605
SSDEEP

6144:v2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v:v2TFafJiHCWBWPMjVWrXf1v

Score

7^/10

Malware Config

Targets

- Target
  
  2024-02-04_11d57b1121cdb54debbfc7c1059d9425_mafia_nionspy
- Size
  
  328KB
- MD5
  
  11d57b1121cdb54debbfc7c1059d9425
- SHA1
  
  339c7f31bbc17f85dea2e7a2e9dafca72352479b
- SHA256
  
  4112d7e0c3e71141fed161e4f8ad1d3661ad0865e6a77892595b8a8bbca7fffb
- SHA512
  
  f4ecb99d5a2998434b5cb8914f175699934fe01a5619744b06fe0abdc5c764d46d1706e1aa2dfc1ffb89a3226d152a9609dfee6ed4fae4381515263c32361605
- SSDEEP
  
  6144:v2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v:v2TFafJiHCWBWPMjVWrXf1v
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2