fe065726a5e71f1aa1c189c7d0294b2f3be7597c3e0a557dfac0a12f2185756c | Triage

Sharing

General

Target

2024-02-14_c2af3fb380f4572646f3d4012e98c8c8_mafia_nionspy
Size

327KB
Sample

240214-c6rwbagb89
MD5

c2af3fb380f4572646f3d4012e98c8c8
SHA1

dc105eaef28fb9ff44888e8cc5cf88c4114ed681
SHA256

fe065726a5e71f1aa1c189c7d0294b2f3be7597c3e0a557dfac0a12f2185756c
SHA512

e42f4f13cb381cf514d733fcc75b29c17f395d6f6db30ff9fd477b45accbf080730e8ce068f5be6388c0fb2b4da7bdd538ef554f35ee41289eec33329df28897
SSDEEP

6144:N2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:N2TFafJiHCWBWPMjVWrXK0

Score

7^/10

Malware Config

Targets

- Target
  
  2024-02-14_c2af3fb380f4572646f3d4012e98c8c8_mafia_nionspy
- Size
  
  327KB
- MD5
  
  c2af3fb380f4572646f3d4012e98c8c8
- SHA1
  
  dc105eaef28fb9ff44888e8cc5cf88c4114ed681
- SHA256
  
  fe065726a5e71f1aa1c189c7d0294b2f3be7597c3e0a557dfac0a12f2185756c
- SHA512
  
  e42f4f13cb381cf514d733fcc75b29c17f395d6f6db30ff9fd477b45accbf080730e8ce068f5be6388c0fb2b4da7bdd538ef554f35ee41289eec33329df28897
- SSDEEP
  
  6144:N2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:N2TFafJiHCWBWPMjVWrXK0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2