f3fd3227943d530c1b7ed05afd9f55e47466ebc324305dd446c88ce5ef5dcc69 | Triage

Sharing

General

Target

2024-03-14_f70f2c4bdba779af238f7be4cae14624_mafia_nionspy
Size

280KB
Sample

240314-js6wmsec8y
MD5

f70f2c4bdba779af238f7be4cae14624
SHA1

03cb994ad055f4f8821129c6bd37e2f5dd621ea2
SHA256

f3fd3227943d530c1b7ed05afd9f55e47466ebc324305dd446c88ce5ef5dcc69
SHA512

7095fa38a2a7dc4b8d17c2872ef744c53a015bf76ca2a11ada58d2a8599991c6b1a8bd1f9cd407af5343208ce38838025ebe94d48492ecc637829306e38fe5b5
SSDEEP

6144:zTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:zTBPFV0RyWl3h2E+7pl

Score

7^/10

Malware Config

Targets

- Target
  
  2024-03-14_f70f2c4bdba779af238f7be4cae14624_mafia_nionspy
- Size
  
  280KB
- MD5
  
  f70f2c4bdba779af238f7be4cae14624
- SHA1
  
  03cb994ad055f4f8821129c6bd37e2f5dd621ea2
- SHA256
  
  f3fd3227943d530c1b7ed05afd9f55e47466ebc324305dd446c88ce5ef5dcc69
- SHA512
  
  7095fa38a2a7dc4b8d17c2872ef744c53a015bf76ca2a11ada58d2a8599991c6b1a8bd1f9cd407af5343208ce38838025ebe94d48492ecc637829306e38fe5b5
- SSDEEP
  
  6144:zTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:zTBPFV0RyWl3h2E+7pl
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2