f858a1e2a34cd4fbb52cf61984dc87c85bd932d1a94b14a69e0769effaaaff70 | Triage

Sharing

General

Target

2024-09-03_6293a828726e6cc06c120dd2444777e3_mafia_nionspy
Size

280KB
Sample

240903-pnty6sxgla
MD5

6293a828726e6cc06c120dd2444777e3
SHA1

ddaa4112ad27ac645f63f57c194e762ed11ce84e
SHA256

f858a1e2a34cd4fbb52cf61984dc87c85bd932d1a94b14a69e0769effaaaff70
SHA512

ce88e3a8d57c06e5ebe539c0d496e052ac2b4e790bb18ff5e81b35037e196fe49944eecd408328e4140b67c0da7318dbcd17ef630e2616090bd962653ceb4479
SSDEEP

6144:TQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:TQMyfmNFHfnWfhLZVHmOog

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-09-03_6293a828726e6cc06c120dd2444777e3_mafia_nionspy
- Size
  
  280KB
- MD5
  
  6293a828726e6cc06c120dd2444777e3
- SHA1
  
  ddaa4112ad27ac645f63f57c194e762ed11ce84e
- SHA256
  
  f858a1e2a34cd4fbb52cf61984dc87c85bd932d1a94b14a69e0769effaaaff70
- SHA512
  
  ce88e3a8d57c06e5ebe539c0d496e052ac2b4e790bb18ff5e81b35037e196fe49944eecd408328e4140b67c0da7318dbcd17ef630e2616090bd962653ceb4479
- SSDEEP
  
  6144:TQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:TQMyfmNFHfnWfhLZVHmOog
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2