a05938be4c1060fea431dedb339f637230e8e607c8e2e5c0cd0374da1c66651b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-17_dc3f2f08ee05dd5f0c94830cfc465dbb_mafia_nionspy
Size

280KB
Sample

240417-1wa2tage91
MD5

dc3f2f08ee05dd5f0c94830cfc465dbb
SHA1

d5ce4176be2c3509d8bbd7f57fbce7b792c5611b
SHA256

a05938be4c1060fea431dedb339f637230e8e607c8e2e5c0cd0374da1c66651b
SHA512

babc1673e908dea130a0811a24cb838b587dd73aa11b49bd0156ed6742f2f717527ee36072a416aa349ddb1f0ff5a067bc795c0b8adca44a51438f9fb8069265
SSDEEP

6144:TTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:TTBPFV0RyWl3h2E+7pl

Score

7^/10

Malware Config

Targets

- Target
  
  2024-04-17_dc3f2f08ee05dd5f0c94830cfc465dbb_mafia_nionspy
- Size
  
  280KB
- MD5
  
  dc3f2f08ee05dd5f0c94830cfc465dbb
- SHA1
  
  d5ce4176be2c3509d8bbd7f57fbce7b792c5611b
- SHA256
  
  a05938be4c1060fea431dedb339f637230e8e607c8e2e5c0cd0374da1c66651b
- SHA512
  
  babc1673e908dea130a0811a24cb838b587dd73aa11b49bd0156ed6742f2f717527ee36072a416aa349ddb1f0ff5a067bc795c0b8adca44a51438f9fb8069265
- SSDEEP
  
  6144:TTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:TTBPFV0RyWl3h2E+7pl
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2