de80a3039338272c124494727d8ad071ce3ec4ba24a484c1ce5dd2e313611997 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-28_85fc163a2b19e7de451518dcfe479fac_mafia_nionspy
Size

327KB
Sample

240328-c8f7ladd5s
MD5

85fc163a2b19e7de451518dcfe479fac
SHA1

4c49af9c16c9ca680bdfa10b6f7d95081b4b7ed0
SHA256

de80a3039338272c124494727d8ad071ce3ec4ba24a484c1ce5dd2e313611997
SHA512

7225d1d090fb1b6c0d019771da8d9e8b9bb75297e1ac0889642b8cfa8de6e64cf1e6290032d15b3afa1f75be63c9fc8ad5e780224714fd05828bbcf9d0b2df6d
SSDEEP

6144:J2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:J2TFafJiHCWBWPMjVWrXK0

Score

7^/10

Malware Config

Targets

- Target
  
  2024-03-28_85fc163a2b19e7de451518dcfe479fac_mafia_nionspy
- Size
  
  327KB
- MD5
  
  85fc163a2b19e7de451518dcfe479fac
- SHA1
  
  4c49af9c16c9ca680bdfa10b6f7d95081b4b7ed0
- SHA256
  
  de80a3039338272c124494727d8ad071ce3ec4ba24a484c1ce5dd2e313611997
- SHA512
  
  7225d1d090fb1b6c0d019771da8d9e8b9bb75297e1ac0889642b8cfa8de6e64cf1e6290032d15b3afa1f75be63c9fc8ad5e780224714fd05828bbcf9d0b2df6d
- SSDEEP
  
  6144:J2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:J2TFafJiHCWBWPMjVWrXK0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2