4a274746db6658c00ddeb84aa29b306f25d4b99075e10b6d7bb2085655650dca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-17_fa142c47ee7ec28a1ffc4c083693d18f_mafia_nionspy
Size

280KB
Sample

240817-kcgggswepd
MD5

fa142c47ee7ec28a1ffc4c083693d18f
SHA1

46b8b19c4d0617c63c0c098453b9430b72f799db
SHA256

4a274746db6658c00ddeb84aa29b306f25d4b99075e10b6d7bb2085655650dca
SHA512

55b08961eacd520b7f5ab40c2ebe52deaa344858493b4ed0f6c7eea6f50ff2dac979e7fd28aa2e14aabd537532b46c589cf13bfdbec19c8eea30d25a98cd38a4
SSDEEP

6144:/Q+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:/QMyfmNFHfnWfhLZVHmOog

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-08-17_fa142c47ee7ec28a1ffc4c083693d18f_mafia_nionspy
- Size
  
  280KB
- MD5
  
  fa142c47ee7ec28a1ffc4c083693d18f
- SHA1
  
  46b8b19c4d0617c63c0c098453b9430b72f799db
- SHA256
  
  4a274746db6658c00ddeb84aa29b306f25d4b99075e10b6d7bb2085655650dca
- SHA512
  
  55b08961eacd520b7f5ab40c2ebe52deaa344858493b4ed0f6c7eea6f50ff2dac979e7fd28aa2e14aabd537532b46c589cf13bfdbec19c8eea30d25a98cd38a4
- SSDEEP
  
  6144:/Q+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:/QMyfmNFHfnWfhLZVHmOog
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2