9be92ee342a0b87c9f0c5673fbbaacd5ea77094a88a79bed7f30c7892c81d4b9 | Triage

Sharing

General

Target

2024-02-23_8e7d291bf1327ae5e40b6a2609e185df_mafia_nionspy
Size

328KB
Sample

240223-d4q2nsbb78
MD5

8e7d291bf1327ae5e40b6a2609e185df
SHA1

56d65a71ad969977945e08a63b07bdd906d6d93c
SHA256

9be92ee342a0b87c9f0c5673fbbaacd5ea77094a88a79bed7f30c7892c81d4b9
SHA512

fefc27620958bbc67e24b72a4aa864b4a25b156895e46e87b4ef96c64d70f6b51d84350c9c624486cbe7b358aa169c229fa5e44dd227cf27b82cadc342766b2d
SSDEEP

6144:s72+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v:s72TFafJiHCWBWPMjVWrXf1v

Score

7^/10

Malware Config

Targets

- Target
  
  2024-02-23_8e7d291bf1327ae5e40b6a2609e185df_mafia_nionspy
- Size
  
  328KB
- MD5
  
  8e7d291bf1327ae5e40b6a2609e185df
- SHA1
  
  56d65a71ad969977945e08a63b07bdd906d6d93c
- SHA256
  
  9be92ee342a0b87c9f0c5673fbbaacd5ea77094a88a79bed7f30c7892c81d4b9
- SHA512
  
  fefc27620958bbc67e24b72a4aa864b4a25b156895e46e87b4ef96c64d70f6b51d84350c9c624486cbe7b358aa169c229fa5e44dd227cf27b82cadc342766b2d
- SSDEEP
  
  6144:s72+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v:s72TFafJiHCWBWPMjVWrXf1v
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2