c44bbf081471bd0436325ed137966f2a9a9a725d56b3309666d22c29562fd608 | Triage

Sharing

General

Target

2024-04-30_c8683ba35b1593f691610157d0d54ccf_mafia_nionspy
Size

288KB
Sample

240430-edsm9abe65
MD5

c8683ba35b1593f691610157d0d54ccf
SHA1

03f102de8e3908e66382c692783c025035a852f9
SHA256

c44bbf081471bd0436325ed137966f2a9a9a725d56b3309666d22c29562fd608
SHA512

5c89e4958ac499e248b4906f8bbd4a6582b4bbffee98a21971c339fd907ca79510ef1b2428583e701bc38d63625f86f6aeaf3e2bd1de5c46f7529def1664ee40
SSDEEP

6144:fQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:fQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2024-04-30_c8683ba35b1593f691610157d0d54ccf_mafia_nionspy
- Size
  
  288KB
- MD5
  
  c8683ba35b1593f691610157d0d54ccf
- SHA1
  
  03f102de8e3908e66382c692783c025035a852f9
- SHA256
  
  c44bbf081471bd0436325ed137966f2a9a9a725d56b3309666d22c29562fd608
- SHA512
  
  5c89e4958ac499e248b4906f8bbd4a6582b4bbffee98a21971c339fd907ca79510ef1b2428583e701bc38d63625f86f6aeaf3e2bd1de5c46f7529def1664ee40
- SSDEEP
  
  6144:fQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:fQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2