1d9891b56d5922240d5e5c1735c876767a97969fdfd9df4d3b8543b57a8e1759 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-26_0d046c80e877a1555292b64aae5fb162_mafia_nionspy
Size

274KB
Sample

240326-g7j93sde37
MD5

0d046c80e877a1555292b64aae5fb162
SHA1

6398f64a0871fbf2c15fc05152b5b3bfb82ac13d
SHA256

1d9891b56d5922240d5e5c1735c876767a97969fdfd9df4d3b8543b57a8e1759
SHA512

efdc04d70036f8de39f3dcb488c41b87aa74a372cba9d63295bd72cc7080b17208fccd042128b2400b6a491fb6420742c06788721043c54c455f867b107a7274
SSDEEP

6144:nYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:nYvEbrUjp3SpWggd3JBPlPDIQ3g

Score

7^/10

Malware Config

Targets

- Target
  
  2024-03-26_0d046c80e877a1555292b64aae5fb162_mafia_nionspy
- Size
  
  274KB
- MD5
  
  0d046c80e877a1555292b64aae5fb162
- SHA1
  
  6398f64a0871fbf2c15fc05152b5b3bfb82ac13d
- SHA256
  
  1d9891b56d5922240d5e5c1735c876767a97969fdfd9df4d3b8543b57a8e1759
- SHA512
  
  efdc04d70036f8de39f3dcb488c41b87aa74a372cba9d63295bd72cc7080b17208fccd042128b2400b6a491fb6420742c06788721043c54c455f867b107a7274
- SSDEEP
  
  6144:nYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:nYvEbrUjp3SpWggd3JBPlPDIQ3g
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2