04989ed6fbfa683eef15a5e84ba92db96127af149f098843ddca7892d82b7ed5 | Triage

Sharing

General

Target

2024-05-29_d020d3bd92064105b7317595f11db8bc_mafia_nionspy
Size

344KB
Sample

240529-ws8rfscg51
MD5

d020d3bd92064105b7317595f11db8bc
SHA1

9de4ad645f219a35a81fb11d67cf83fda4395179
SHA256

04989ed6fbfa683eef15a5e84ba92db96127af149f098843ddca7892d82b7ed5
SHA512

7a1f0c9de43d1c4bc60bbf6c3b906f7340b0ad96196c0b2829292cc4002b3dc1323827ac64b16a707ec87fb25159483ed116d3f95ab9323ca4b0b914b7ea1452
SSDEEP

6144:HTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:HTBPFV0RyWl3h2E+7pYm0

Score

7^/10

Malware Config

Targets

- Target
  
  2024-05-29_d020d3bd92064105b7317595f11db8bc_mafia_nionspy
- Size
  
  344KB
- MD5
  
  d020d3bd92064105b7317595f11db8bc
- SHA1
  
  9de4ad645f219a35a81fb11d67cf83fda4395179
- SHA256
  
  04989ed6fbfa683eef15a5e84ba92db96127af149f098843ddca7892d82b7ed5
- SHA512
  
  7a1f0c9de43d1c4bc60bbf6c3b906f7340b0ad96196c0b2829292cc4002b3dc1323827ac64b16a707ec87fb25159483ed116d3f95ab9323ca4b0b914b7ea1452
- SSDEEP
  
  6144:HTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDBRm1+gmN:HTBPFV0RyWl3h2E+7pYm0
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2