35635359577ad4c5104f5432e414b5cf1a24c22d7c79946a10320b14eb9cdf69 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-09_358b0ecbbad423d5d9db5a1aee6e1f87_mafia_nionspy
Size

274KB
Sample

240309-v2rc4aea4y
MD5

358b0ecbbad423d5d9db5a1aee6e1f87
SHA1

fdf4c7742c85dbd40556f45f5b7274e70bf53560
SHA256

35635359577ad4c5104f5432e414b5cf1a24c22d7c79946a10320b14eb9cdf69
SHA512

8e5197da32e684152f7706786996c1620f5e954c86006f2bf6b597319eac9ea82968af0115b8dee4d2cc4296f5fe686393b535010e664329a5c95299f1d1957a
SSDEEP

6144:KYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:KYvEbrUjp3SpWggd3JBPlPDIQ3g

Score

7^/10

Malware Config

Targets

- Target
  
  2024-03-09_358b0ecbbad423d5d9db5a1aee6e1f87_mafia_nionspy
- Size
  
  274KB
- MD5
  
  358b0ecbbad423d5d9db5a1aee6e1f87
- SHA1
  
  fdf4c7742c85dbd40556f45f5b7274e70bf53560
- SHA256
  
  35635359577ad4c5104f5432e414b5cf1a24c22d7c79946a10320b14eb9cdf69
- SHA512
  
  8e5197da32e684152f7706786996c1620f5e954c86006f2bf6b597319eac9ea82968af0115b8dee4d2cc4296f5fe686393b535010e664329a5c95299f1d1957a
- SSDEEP
  
  6144:KYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:KYvEbrUjp3SpWggd3JBPlPDIQ3g
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2