471de98869cf57b0ce3f602f9bf2b4e57e1f6d8508b94b8df73c6bf4b59b6d42 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-20_0f71c381b0b29d50c00d1d975418971e_mafia_nionspy
Size

280KB
Sample

240620-bs8q8s1crg
MD5

0f71c381b0b29d50c00d1d975418971e
SHA1

546a36023d0eff66a636dbcad3618276f4faffad
SHA256

471de98869cf57b0ce3f602f9bf2b4e57e1f6d8508b94b8df73c6bf4b59b6d42
SHA512

65b28018b0ea01930acde415aea4d3a9c9bc52f88f2b450a23049e2ce74bd459fccb29fba12def5a94d88fc1871ed599ff4cd2e03a635e43cd7a32869fe219e7
SSDEEP

6144:RQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:RQMyfmNFHfnWfhLZVHmOog

Score

7^/10

Malware Config

Targets

- Target
  
  2024-06-20_0f71c381b0b29d50c00d1d975418971e_mafia_nionspy
- Size
  
  280KB
- MD5
  
  0f71c381b0b29d50c00d1d975418971e
- SHA1
  
  546a36023d0eff66a636dbcad3618276f4faffad
- SHA256
  
  471de98869cf57b0ce3f602f9bf2b4e57e1f6d8508b94b8df73c6bf4b59b6d42
- SHA512
  
  65b28018b0ea01930acde415aea4d3a9c9bc52f88f2b450a23049e2ce74bd459fccb29fba12def5a94d88fc1871ed599ff4cd2e03a635e43cd7a32869fe219e7
- SSDEEP
  
  6144:RQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:RQMyfmNFHfnWfhLZVHmOog
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2