18813f12b08e0527334d93ed319674fa6f82c60a46a48893a4c38cf7f7150994 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-19_961872f150210f72ae42a17f898d76c6_mafia_nionspy
Size

327KB
Sample

240319-r3r48sfb8t
MD5

961872f150210f72ae42a17f898d76c6
SHA1

9a1281268b894f8280e1ce27b5becb8935920949
SHA256

18813f12b08e0527334d93ed319674fa6f82c60a46a48893a4c38cf7f7150994
SHA512

9bef1f095ac83e376b95d348513dd1b6592b2ff7573e3098e65245781755fb9288ef06d2de789c1b6e41474241957d05bee4d5877abd2be3eebcb1418dd3333f
SSDEEP

6144:N2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDpmv:N2TFafJiHCWBWPMjVWrXKcmv

Score

7^/10

Malware Config

Targets

- Target
  
  2024-03-19_961872f150210f72ae42a17f898d76c6_mafia_nionspy
- Size
  
  327KB
- MD5
  
  961872f150210f72ae42a17f898d76c6
- SHA1
  
  9a1281268b894f8280e1ce27b5becb8935920949
- SHA256
  
  18813f12b08e0527334d93ed319674fa6f82c60a46a48893a4c38cf7f7150994
- SHA512
  
  9bef1f095ac83e376b95d348513dd1b6592b2ff7573e3098e65245781755fb9288ef06d2de789c1b6e41474241957d05bee4d5877abd2be3eebcb1418dd3333f
- SSDEEP
  
  6144:N2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDpmv:N2TFafJiHCWBWPMjVWrXKcmv
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2