9b655e89346579c9d3c77f330d96e46d6671789ef94320b94c1d22703aecf649 | Triage

Sharing

General

Target

2024-02-25_f92b1e5b0208625c150c3a59a78e4014_mafia_nionspy
Size

344KB
Sample

240225-b4zbyaaf6y
MD5

f92b1e5b0208625c150c3a59a78e4014
SHA1

545f7c7ff142a4359704ece07f157af80a020cd3
SHA256

9b655e89346579c9d3c77f330d96e46d6671789ef94320b94c1d22703aecf649
SHA512

b4a71d2e7c641aec7f8777b6d5c3a228c517c2503fcabc68ea0ad639a0bbddbd930e3c0be32bae21405c290820844e43b0edc83496e6b0d769c9b14d2534bb22
SSDEEP

6144:3ITz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:4TBPFV0RyWl3h2E+7pYm0

Score

7^/10

Malware Config

Targets

- Target
  
  2024-02-25_f92b1e5b0208625c150c3a59a78e4014_mafia_nionspy
- Size
  
  344KB
- MD5
  
  f92b1e5b0208625c150c3a59a78e4014
- SHA1
  
  545f7c7ff142a4359704ece07f157af80a020cd3
- SHA256
  
  9b655e89346579c9d3c77f330d96e46d6671789ef94320b94c1d22703aecf649
- SHA512
  
  b4a71d2e7c641aec7f8777b6d5c3a228c517c2503fcabc68ea0ad639a0bbddbd930e3c0be32bae21405c290820844e43b0edc83496e6b0d769c9b14d2534bb22
- SSDEEP
  
  6144:3ITz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:4TBPFV0RyWl3h2E+7pYm0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2