654414841aef38de9faa7747c3c49f0a0bf566be26425c5254f148e85e8bc716 | Triage

Sharing

General

Target

2024-04-08_31ca0f56e33975f5cfc07df1a9a9d1e8_mafia_nionspy
Size

280KB
Sample

240409-tqveyafd3z
MD5

31ca0f56e33975f5cfc07df1a9a9d1e8
SHA1

9a03df962d9afa5ff500758cdec3e1621c71343c
SHA256

654414841aef38de9faa7747c3c49f0a0bf566be26425c5254f148e85e8bc716
SHA512

97e547d6702564bb25f6a3f63634b23bc3b9bf6472f9b9e25443b2ec4a37854c8a876a596a9503117d1e1ee88b601f0813ee910adb53836791d935503ae2f453
SSDEEP

6144:ZQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:ZQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2024-04-08_31ca0f56e33975f5cfc07df1a9a9d1e8_mafia_nionspy
- Size
  
  280KB
- MD5
  
  31ca0f56e33975f5cfc07df1a9a9d1e8
- SHA1
  
  9a03df962d9afa5ff500758cdec3e1621c71343c
- SHA256
  
  654414841aef38de9faa7747c3c49f0a0bf566be26425c5254f148e85e8bc716
- SHA512
  
  97e547d6702564bb25f6a3f63634b23bc3b9bf6472f9b9e25443b2ec4a37854c8a876a596a9503117d1e1ee88b601f0813ee910adb53836791d935503ae2f453
- SSDEEP
  
  6144:ZQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:ZQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2