General

  • Target

    2024-05-20_e74f9822aa60915ec053281ebb5b1f21_mafia_nionspy

  • Size

    274KB

  • Sample

    240520-2ka34saf41

  • MD5

    e74f9822aa60915ec053281ebb5b1f21

  • SHA1

    a78da3d5873df693d372a142b900de309bf38bfb

  • SHA256

    43ad7b5b98889dde80869c308f806c12eed6dea74d00e44aae00a883c8da455c

  • SHA512

    8910a72fcaaf886da756902636cae2373262fb88575e268a81dda5b9326e3be28086034de9ec5dbaff018c4aff62889f46f48e7dd9035fda83da6c4676737642

  • SSDEEP

    6144:KYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:KYvEbrUjp3SpWggd3JBPlPDIQ3g

Score
7/10

Targets

    • Target

      2024-05-20_e74f9822aa60915ec053281ebb5b1f21_mafia_nionspy

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2
