0cb0ba40ee3eccba51fad343f90773ce4c0063a50abf95fc21ddb25bf1effa96 | Triage

Sharing

General

Target

2024-06-06_e756c059ca3f9cfef19ac5d8f99f5605_mafia_nionspy
Size

288KB
Sample

240606-xmq5wsbd82
MD5

e756c059ca3f9cfef19ac5d8f99f5605
SHA1

9e8a708da832b58813e2d9ab6925e5bcb551e687
SHA256

0cb0ba40ee3eccba51fad343f90773ce4c0063a50abf95fc21ddb25bf1effa96
SHA512

42b9f67646f7d3798cfc1803da7d09c649ff8fe9e6402c73e188655369ca80d47ca6ce68463ab8fe8317c2e60ca944d4bfe6c0c0a911f815d66d6084d4fb505c
SSDEEP

6144:DQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:DQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2024-06-06_e756c059ca3f9cfef19ac5d8f99f5605_mafia_nionspy
- Size
  
  288KB
- MD5
  
  e756c059ca3f9cfef19ac5d8f99f5605
- SHA1
  
  9e8a708da832b58813e2d9ab6925e5bcb551e687
- SHA256
  
  0cb0ba40ee3eccba51fad343f90773ce4c0063a50abf95fc21ddb25bf1effa96
- SHA512
  
  42b9f67646f7d3798cfc1803da7d09c649ff8fe9e6402c73e188655369ca80d47ca6ce68463ab8fe8317c2e60ca944d4bfe6c0c0a911f815d66d6084d4fb505c
- SSDEEP
  
  6144:DQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:DQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2