fd7f8e7383ab5dd8f571fd51c371bc912a1c34bfdeb10d193be65a96ea3847f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-07_f40c6d8879b8c68a11ae00912873f6d8_mafia_nionspy
Size

280KB
Sample

240607-j78zjsdb8y
MD5

f40c6d8879b8c68a11ae00912873f6d8
SHA1

1d0d2d313ed3883080899586963ecf8b35aa799e
SHA256

fd7f8e7383ab5dd8f571fd51c371bc912a1c34bfdeb10d193be65a96ea3847f3
SHA512

c6f26544bfbf2b7170323e562239772e33ca9fa784f293fd63898914e31bd691416143d3469360447ebcfc92a4626afec7b834a0ac1b23fcee2c4122ab056930
SSDEEP

6144:eTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:eTBPFV0RyWl3h2E+7pl

Score

7^/10

Malware Config

Targets

- Target
  
  2024-06-07_f40c6d8879b8c68a11ae00912873f6d8_mafia_nionspy
- Size
  
  280KB
- MD5
  
  f40c6d8879b8c68a11ae00912873f6d8
- SHA1
  
  1d0d2d313ed3883080899586963ecf8b35aa799e
- SHA256
  
  fd7f8e7383ab5dd8f571fd51c371bc912a1c34bfdeb10d193be65a96ea3847f3
- SHA512
  
  c6f26544bfbf2b7170323e562239772e33ca9fa784f293fd63898914e31bd691416143d3469360447ebcfc92a4626afec7b834a0ac1b23fcee2c4122ab056930
- SSDEEP
  
  6144:eTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:eTBPFV0RyWl3h2E+7pl
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2