43db7419f70eac0532b1645636810f0f564efbd8cff1c88f24c4c1b8cc7b4aaa | Triage

Sharing

General

Target

2024-04-29_a5fde98cae9a1bdaf178944db36f2dac_mafia_nionspy
Size

274KB
Sample

240429-pv8qxabb5y
MD5

a5fde98cae9a1bdaf178944db36f2dac
SHA1

fc704975fc96b873ba5e7e9eb8154c8dfbe1b26a
SHA256

43db7419f70eac0532b1645636810f0f564efbd8cff1c88f24c4c1b8cc7b4aaa
SHA512

417aa823d6cc1e6062513f54d7d033b98ff5c9bf9dc6b35f80ed82947c53db3fbf68cab645ffbe9a76505a477d91bf8e94c4990c7c0b5a9a83b3e506d3722cef
SSDEEP

6144:YYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:YYvEbrUjp3SpWggd3JBPlPDIQ3g

Score

7^/10

Malware Config

Targets

- Target
  
  2024-04-29_a5fde98cae9a1bdaf178944db36f2dac_mafia_nionspy
- Size
  
  274KB
- MD5
  
  a5fde98cae9a1bdaf178944db36f2dac
- SHA1
  
  fc704975fc96b873ba5e7e9eb8154c8dfbe1b26a
- SHA256
  
  43db7419f70eac0532b1645636810f0f564efbd8cff1c88f24c4c1b8cc7b4aaa
- SHA512
  
  417aa823d6cc1e6062513f54d7d033b98ff5c9bf9dc6b35f80ed82947c53db3fbf68cab645ffbe9a76505a477d91bf8e94c4990c7c0b5a9a83b3e506d3722cef
- SSDEEP
  
  6144:YYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:YYvEbrUjp3SpWggd3JBPlPDIQ3g
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2