71e3b0ed0049a94a0e79d10a1238f8eb4081c2537552cc14c7e792a661ad4ebc | Triage

Sharing

General

Target

2024-04-27_8af0a9b33e141b2dffd58800fc02ad83_mafia_nionspy
Size

280KB
Sample

240427-2jb9saad6z
MD5

8af0a9b33e141b2dffd58800fc02ad83
SHA1

4ea588994e0b6ecb2b35c1d8a8b5ee77dad42129
SHA256

71e3b0ed0049a94a0e79d10a1238f8eb4081c2537552cc14c7e792a661ad4ebc
SHA512

c6e4562860fa2d563a28beba79b70b2761da5a8367b666f131bb9df019992c5fd7b5388ce1312dc4faa928b9202b245bed29eced34c5197a071e106d8492c769
SSDEEP

6144:yTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:yTBPFV0RyWl3h2E+7pl

Score

7^/10

Malware Config

Targets

- Target
  
  2024-04-27_8af0a9b33e141b2dffd58800fc02ad83_mafia_nionspy
- Size
  
  280KB
- MD5
  
  8af0a9b33e141b2dffd58800fc02ad83
- SHA1
  
  4ea588994e0b6ecb2b35c1d8a8b5ee77dad42129
- SHA256
  
  71e3b0ed0049a94a0e79d10a1238f8eb4081c2537552cc14c7e792a661ad4ebc
- SHA512
  
  c6e4562860fa2d563a28beba79b70b2761da5a8367b666f131bb9df019992c5fd7b5388ce1312dc4faa928b9202b245bed29eced34c5197a071e106d8492c769
- SSDEEP
  
  6144:yTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:yTBPFV0RyWl3h2E+7pl
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2