f9ff6e2b83a934dbb0abaf0fd02a03d216b2adb89eda65bcf3636b12391ac822 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-04_2f49e3216a8aeab60d80bd9183622ea2_mafia_nionspy
Size

344KB
Sample

240504-e45qhadb7x
MD5

2f49e3216a8aeab60d80bd9183622ea2
SHA1

80905fe581b0249f483b2c48f763b1375700cf23
SHA256

f9ff6e2b83a934dbb0abaf0fd02a03d216b2adb89eda65bcf3636b12391ac822
SHA512

c304693b784a02d48f47a8836ffd0d1406bf5953f6bd98fb1a13d03167ed7e4d2c3a9802f973dc997ed17c00d9722157fee911031b07427b377a1945b02d21f1
SSDEEP

6144:iTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:iTBPFV0RyWl3h2E+7pYm0

Score

7^/10

Malware Config

Targets

- Target
  
  2024-05-04_2f49e3216a8aeab60d80bd9183622ea2_mafia_nionspy
- Size
  
  344KB
- MD5
  
  2f49e3216a8aeab60d80bd9183622ea2
- SHA1
  
  80905fe581b0249f483b2c48f763b1375700cf23
- SHA256
  
  f9ff6e2b83a934dbb0abaf0fd02a03d216b2adb89eda65bcf3636b12391ac822
- SHA512
  
  c304693b784a02d48f47a8836ffd0d1406bf5953f6bd98fb1a13d03167ed7e4d2c3a9802f973dc997ed17c00d9722157fee911031b07427b377a1945b02d21f1
- SSDEEP
  
  6144:iTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:iTBPFV0RyWl3h2E+7pYm0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2