b58cc88c75c57a3c27952171b0c5bb8980856920cbbb7d4a37f22c89d405ee45 | Triage

Sharing

General

Target

2024-05-28_184c1c1123511d25280a81ce3df7874a_mafia_nionspy
Size

344KB
Sample

240528-y75dpacb68
MD5

184c1c1123511d25280a81ce3df7874a
SHA1

f7b93342bd85fcc975c748aff318f2bfe7b3a4cd
SHA256

b58cc88c75c57a3c27952171b0c5bb8980856920cbbb7d4a37f22c89d405ee45
SHA512

0bb432e782314ccb27fac0a51abfbb8cf88a81eafa3cbd4cd1b93b66667a1a53479309ec6c8cf1ec3de08672ddd0fb382f29e646c549e068b1d0f78fe7355645
SSDEEP

6144:lTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:lTBPFV0RyWl3h2E+7pYm0

Score

7^/10

Malware Config

Targets

- Target
  
  2024-05-28_184c1c1123511d25280a81ce3df7874a_mafia_nionspy
- Size
  
  344KB
- MD5
  
  184c1c1123511d25280a81ce3df7874a
- SHA1
  
  f7b93342bd85fcc975c748aff318f2bfe7b3a4cd
- SHA256
  
  b58cc88c75c57a3c27952171b0c5bb8980856920cbbb7d4a37f22c89d405ee45
- SHA512
  
  0bb432e782314ccb27fac0a51abfbb8cf88a81eafa3cbd4cd1b93b66667a1a53479309ec6c8cf1ec3de08672ddd0fb382f29e646c549e068b1d0f78fe7355645
- SSDEEP
  
  6144:lTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:lTBPFV0RyWl3h2E+7pYm0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2