ff4672c7dfa986053e0b8ed31c9dd7e62f181ba2c50c40a76751aab5ab759239 | Triage

Sharing

General

Target

2024-02-29_ead23e80921e44fa779c8fe6a114539a_mafia_nionspy
Size

288KB
Sample

240229-bbb1yahg89
MD5

ead23e80921e44fa779c8fe6a114539a
SHA1

253c7c82be38fe05317d8238425af43cb4c7f253
SHA256

ff4672c7dfa986053e0b8ed31c9dd7e62f181ba2c50c40a76751aab5ab759239
SHA512

129046a1ae831228f41d115b6f1ed8382523fa5928b215ed3d4b8b1370fad0a87b56bcb45bec50e82c4db979d03209b9795f3be57ca0d1f34ed2e281016d2f42
SSDEEP

6144:NQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:NQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2024-02-29_ead23e80921e44fa779c8fe6a114539a_mafia_nionspy
- Size
  
  288KB
- MD5
  
  ead23e80921e44fa779c8fe6a114539a
- SHA1
  
  253c7c82be38fe05317d8238425af43cb4c7f253
- SHA256
  
  ff4672c7dfa986053e0b8ed31c9dd7e62f181ba2c50c40a76751aab5ab759239
- SHA512
  
  129046a1ae831228f41d115b6f1ed8382523fa5928b215ed3d4b8b1370fad0a87b56bcb45bec50e82c4db979d03209b9795f3be57ca0d1f34ed2e281016d2f42
- SSDEEP
  
  6144:NQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:NQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2