e18e3a00c4370de0fa03282614e579c71a5afc4e7d46a01340f95174b7530b17 | Triage

Sharing

General

Target

2024-03-19_420c60449a71a562778bf305d4deca1d_mafia_nionspy
Size

280KB
Sample

240319-xbq1rabd33
MD5

420c60449a71a562778bf305d4deca1d
SHA1

f932de1ced01005856cea742dd199614b008f7e2
SHA256

e18e3a00c4370de0fa03282614e579c71a5afc4e7d46a01340f95174b7530b17
SHA512

9779a1aba5c2a9513d89b9978f97f4330783a2cb1d73eaa024897565ad125133e7d4e81921b61f50fee4cf64dd5f782781308a83bf3cf62aa7470a0d820c8246
SSDEEP

6144:NQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:NQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2024-03-19_420c60449a71a562778bf305d4deca1d_mafia_nionspy
- Size
  
  280KB
- MD5
  
  420c60449a71a562778bf305d4deca1d
- SHA1
  
  f932de1ced01005856cea742dd199614b008f7e2
- SHA256
  
  e18e3a00c4370de0fa03282614e579c71a5afc4e7d46a01340f95174b7530b17
- SHA512
  
  9779a1aba5c2a9513d89b9978f97f4330783a2cb1d73eaa024897565ad125133e7d4e81921b61f50fee4cf64dd5f782781308a83bf3cf62aa7470a0d820c8246
- SSDEEP
  
  6144:NQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:NQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2