f2e1877924e64a6c9954834473dfc415a675045a9b92ccd2499a97c36b94b558 | Triage

Sharing

General

Target

2024-05-21_ae2f3627ae7ea50bc429ae44fc90afdc_mafia_nionspy
Size

274KB
Sample

240521-zmv5ysaa54
MD5

ae2f3627ae7ea50bc429ae44fc90afdc
SHA1

14852b1e30c400d54f41f8851c56450b57fe5dd3
SHA256

f2e1877924e64a6c9954834473dfc415a675045a9b92ccd2499a97c36b94b558
SHA512

141cb8b2355604c82459b84c467ea18fb521a24231fa830470cf864ed75a9016ad5aa08436beabd8ed3c06c767f45499e9c7a295355f919473ddd208119e37a5
SSDEEP

6144:PYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:PYvEbrUjp3SpWggd3JBPlPDIQ3g

Score

7^/10

Malware Config

Targets

- Target
  
  2024-05-21_ae2f3627ae7ea50bc429ae44fc90afdc_mafia_nionspy
- Size
  
  274KB
- MD5
  
  ae2f3627ae7ea50bc429ae44fc90afdc
- SHA1
  
  14852b1e30c400d54f41f8851c56450b57fe5dd3
- SHA256
  
  f2e1877924e64a6c9954834473dfc415a675045a9b92ccd2499a97c36b94b558
- SHA512
  
  141cb8b2355604c82459b84c467ea18fb521a24231fa830470cf864ed75a9016ad5aa08436beabd8ed3c06c767f45499e9c7a295355f919473ddd208119e37a5
- SSDEEP
  
  6144:PYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:PYvEbrUjp3SpWggd3JBPlPDIQ3g
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2