845ebaa41f8ca8413efc20a1ecc486ed7611fd5cf0a556a76ecccb84eb9758f0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-12_c27a442c7fefeeb572661541413d1db9_mafia_nionspy
Size

274KB
Sample

240812-n6fntsthne
MD5

c27a442c7fefeeb572661541413d1db9
SHA1

61a4422edec60302aca3688ed5cbfaed41622c3f
SHA256

845ebaa41f8ca8413efc20a1ecc486ed7611fd5cf0a556a76ecccb84eb9758f0
SHA512

81747b24aacd6ef6e4c06f364481a51363905dc69a0b6e81d4ba44308ac048a7926672842bc02ed681111183abe6d36abf81ad7c8c3bb75b3d2b16bf940fca83
SSDEEP

6144:mYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:mYvEbrUjp3SpWggd3JBPlPDIQ3g

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-08-12_c27a442c7fefeeb572661541413d1db9_mafia_nionspy
- Size
  
  274KB
- MD5
  
  c27a442c7fefeeb572661541413d1db9
- SHA1
  
  61a4422edec60302aca3688ed5cbfaed41622c3f
- SHA256
  
  845ebaa41f8ca8413efc20a1ecc486ed7611fd5cf0a556a76ecccb84eb9758f0
- SHA512
  
  81747b24aacd6ef6e4c06f364481a51363905dc69a0b6e81d4ba44308ac048a7926672842bc02ed681111183abe6d36abf81ad7c8c3bb75b3d2b16bf940fca83
- SSDEEP
  
  6144:mYvZ6brUj+bvqHXSpWr2Kqz83Oad3Jg4PlPDIQ+KLzDDg:mYvEbrUjp3SpWggd3JBPlPDIQ3g
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2