5ff475124cb3134f699bb7a6fab15aa74908f4dd42383675c2c09068a467b663 | Triage

Sharing

General

Target

2024-08-11_62a486f9bf8519b663f2ac7705159547_mafia_nionspy
Size

280KB
Sample

240811-g7wccasepe
MD5

62a486f9bf8519b663f2ac7705159547
SHA1

fe199c07e057faa2d0bdaf98fd46b10afccbcf04
SHA256

5ff475124cb3134f699bb7a6fab15aa74908f4dd42383675c2c09068a467b663
SHA512

3dd722daa40ffd9ceb76be3ba6994b109a9fba1294bff9f46e935be0450914f420a0def0ecd4de9e76485ede7ac13155634e44687270be597762a667d954f4a6
SSDEEP

6144:JTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:JTBPFV0RyWl3h2E+7pl

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-08-11_62a486f9bf8519b663f2ac7705159547_mafia_nionspy
- Size
  
  280KB
- MD5
  
  62a486f9bf8519b663f2ac7705159547
- SHA1
  
  fe199c07e057faa2d0bdaf98fd46b10afccbcf04
- SHA256
  
  5ff475124cb3134f699bb7a6fab15aa74908f4dd42383675c2c09068a467b663
- SHA512
  
  3dd722daa40ffd9ceb76be3ba6994b109a9fba1294bff9f46e935be0450914f420a0def0ecd4de9e76485ede7ac13155634e44687270be597762a667d954f4a6
- SSDEEP
  
  6144:JTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:JTBPFV0RyWl3h2E+7pl
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2