12ba2de52bccd2465c0635837d0ad7dab1b6229c905accdb410fa2b8475be4a5 | Triage

Sharing

General

Target

2024-06-12_fb174c77530db956bfa09cdb1393fb73_mafia_nionspy
Size

1.3MB
Sample

240612-gzl4pssfra
MD5

fb174c77530db956bfa09cdb1393fb73
SHA1

8007630deda28ad03a4ba9fa025dd6f816d1eae4
SHA256

12ba2de52bccd2465c0635837d0ad7dab1b6229c905accdb410fa2b8475be4a5
SHA512

21508d63b7e7d90f99e74cdfd5cd79f184eb5cd0adb8f1c40a2d985f1056615583f51343a051730d47c12a8a2e2f56eee52b5481f74fa3f0d5fad0b9c37fe10c
SSDEEP

24576:y2TFU+CWYPMeXf1Z2TFU+CWYPMeXf1G2TFU+CWYPMeXf1Z2TFU+CWYPMeXf1:y2TarkCf1Z2TarkCf1G2TarkCf1Z2Taf

Score

7^/10

Malware Config

Targets

- Target
  
  2024-06-12_fb174c77530db956bfa09cdb1393fb73_mafia_nionspy
- Size
  
  1.3MB
- MD5
  
  fb174c77530db956bfa09cdb1393fb73
- SHA1
  
  8007630deda28ad03a4ba9fa025dd6f816d1eae4
- SHA256
  
  12ba2de52bccd2465c0635837d0ad7dab1b6229c905accdb410fa2b8475be4a5
- SHA512
  
  21508d63b7e7d90f99e74cdfd5cd79f184eb5cd0adb8f1c40a2d985f1056615583f51343a051730d47c12a8a2e2f56eee52b5481f74fa3f0d5fad0b9c37fe10c
- SSDEEP
  
  24576:y2TFU+CWYPMeXf1Z2TFU+CWYPMeXf1G2TFU+CWYPMeXf1Z2TFU+CWYPMeXf1:y2TarkCf1Z2TarkCf1G2TarkCf1Z2Taf
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2