08b25acf2afd46b960d113c70fb0f1a7cfa001f2307a635c56a1e4f9f06fe7c1 | Triage

Sharing

General

Target

2024-08-29_866a0b1b60021791e96455d6093703e8_mafia_nionspy
Size

278KB
Sample

240829-x5nsgsxcqb
MD5

866a0b1b60021791e96455d6093703e8
SHA1

e7137c22d4670c298c38629d28b7b6823ee88084
SHA256

08b25acf2afd46b960d113c70fb0f1a7cfa001f2307a635c56a1e4f9f06fe7c1
SHA512

7e500143c42e070de10f8e37c180f47b7063fa361b2d1b9c54909d9b6e1849328fc36cfa41bbdaf47742d2b57dc05efbb8cb61e2b4156c9bd6dfbc2b5228b05c
SSDEEP

6144:Gw4hgLb75NVXQyWX2Sdw8siam35MN3MTDSkdzDe1:GuL7tQyWqVmpMtGDy

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-08-29_866a0b1b60021791e96455d6093703e8_mafia_nionspy
- Size
  
  278KB
- MD5
  
  866a0b1b60021791e96455d6093703e8
- SHA1
  
  e7137c22d4670c298c38629d28b7b6823ee88084
- SHA256
  
  08b25acf2afd46b960d113c70fb0f1a7cfa001f2307a635c56a1e4f9f06fe7c1
- SHA512
  
  7e500143c42e070de10f8e37c180f47b7063fa361b2d1b9c54909d9b6e1849328fc36cfa41bbdaf47742d2b57dc05efbb8cb61e2b4156c9bd6dfbc2b5228b05c
- SSDEEP
  
  6144:Gw4hgLb75NVXQyWX2Sdw8siam35MN3MTDSkdzDe1:GuL7tQyWqVmpMtGDy
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2