7e297ee79c74cf152cb71e453eb85636fa496ff3cd79b4f9b2b4ff3e363cd8f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-11_ac74375dc856be6c69426fa5bdc5beb1_mafia_nionspy
Size

328KB
Sample

240311-tagh5sef9t
MD5

ac74375dc856be6c69426fa5bdc5beb1
SHA1

49f038a57dbc985932e0aa28c63b48cae3c2e1c0
SHA256

7e297ee79c74cf152cb71e453eb85636fa496ff3cd79b4f9b2b4ff3e363cd8f5
SHA512

e5ed6bebca1346be0cfdb0464e8895a63cb0e0843982a2a6bec1c2234c7b53685d82ead35321236450b73fe3b9db5e54c0aaec83db5eea43a6a1d5d273238486
SSDEEP

6144:Q2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v:Q2TFafJiHCWBWPMjVWrXf1v

Score

7^/10

Malware Config

Targets

- Target
  
  2024-03-11_ac74375dc856be6c69426fa5bdc5beb1_mafia_nionspy
- Size
  
  328KB
- MD5
  
  ac74375dc856be6c69426fa5bdc5beb1
- SHA1
  
  49f038a57dbc985932e0aa28c63b48cae3c2e1c0
- SHA256
  
  7e297ee79c74cf152cb71e453eb85636fa496ff3cd79b4f9b2b4ff3e363cd8f5
- SHA512
  
  e5ed6bebca1346be0cfdb0464e8895a63cb0e0843982a2a6bec1c2234c7b53685d82ead35321236450b73fe3b9db5e54c0aaec83db5eea43a6a1d5d273238486
- SSDEEP
  
  6144:Q2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v:Q2TFafJiHCWBWPMjVWrXf1v
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2