36a56882e7945fbfb5b228fe8ea536d6599ef7e463c2fb8705d0f3c48043569f | Triage

Sharing

General

Target

2024-03-09_25f23263eef94b0f89b7a09ad74d214d_mafia_nionspy
Size

280KB
Sample

240309-mswbpafa43
MD5

25f23263eef94b0f89b7a09ad74d214d
SHA1

43905a62596cd50b034d8d321206ed749e0727a4
SHA256

36a56882e7945fbfb5b228fe8ea536d6599ef7e463c2fb8705d0f3c48043569f
SHA512

ebddf22220e3b0af8ca99ceeaa3a3e9da5aab774c2e572bf0866ff3e80e7261e35a90cd2470b8dbb90973ddc6b604715597c99e0de6f376deed5e646d5872c90
SSDEEP

6144:NQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:NQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2024-03-09_25f23263eef94b0f89b7a09ad74d214d_mafia_nionspy
- Size
  
  280KB
- MD5
  
  25f23263eef94b0f89b7a09ad74d214d
- SHA1
  
  43905a62596cd50b034d8d321206ed749e0727a4
- SHA256
  
  36a56882e7945fbfb5b228fe8ea536d6599ef7e463c2fb8705d0f3c48043569f
- SHA512
  
  ebddf22220e3b0af8ca99ceeaa3a3e9da5aab774c2e572bf0866ff3e80e7261e35a90cd2470b8dbb90973ddc6b604715597c99e0de6f376deed5e646d5872c90
- SSDEEP
  
  6144:NQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:NQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2