c009670b36c563cfdde9672dd4cf28f3534d637ea4717552c97a39926789f756 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-09_35d4163ef734eddb43c4970d74583cff_mafia_nionspy
Size

280KB
Sample

240409-bwq1ladf7t
MD5

35d4163ef734eddb43c4970d74583cff
SHA1

8ffcb403cc6026b9264733b5a2e6b11ae36d846b
SHA256

c009670b36c563cfdde9672dd4cf28f3534d637ea4717552c97a39926789f756
SHA512

d7794ae87e6ab2fb4fe5e076d7ec4d567fec0f0247662534857c76a858250a7cd388c9358d15735c1023e3695295b55df814bf9d81cc898c1e8e02a892aa2a68
SSDEEP

6144:nQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:nQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2024-04-09_35d4163ef734eddb43c4970d74583cff_mafia_nionspy
- Size
  
  280KB
- MD5
  
  35d4163ef734eddb43c4970d74583cff
- SHA1
  
  8ffcb403cc6026b9264733b5a2e6b11ae36d846b
- SHA256
  
  c009670b36c563cfdde9672dd4cf28f3534d637ea4717552c97a39926789f756
- SHA512
  
  d7794ae87e6ab2fb4fe5e076d7ec4d567fec0f0247662534857c76a858250a7cd388c9358d15735c1023e3695295b55df814bf9d81cc898c1e8e02a892aa2a68
- SSDEEP
  
  6144:nQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:nQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2