8e1d0c4f144478f1e343f134765bfd219718a5e63ff0cf96464381a825d40333 | Triage

Sharing

General

Target

2024-09-06_130242798911d22b625e6328c8222b2f_mafia_nionspy
Size

280KB
Sample

240906-eb95hsthrl
MD5

130242798911d22b625e6328c8222b2f
SHA1

aa51fc010c06b95650ae7d3700f49c4ca18cd8ff
SHA256

8e1d0c4f144478f1e343f134765bfd219718a5e63ff0cf96464381a825d40333
SHA512

509bfe66007af02f2f63dc7e327eb2e331ef207a40c697fb5fc334f7f185d38f5e1740d0c0c0f5fb64a9da0f39c4c4a826555114e13ec668f857be9d958a9224
SSDEEP

6144:TQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:TQMyfmNFHfnWfhLZVHmOog

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-09-06_130242798911d22b625e6328c8222b2f_mafia_nionspy
- Size
  
  280KB
- MD5
  
  130242798911d22b625e6328c8222b2f
- SHA1
  
  aa51fc010c06b95650ae7d3700f49c4ca18cd8ff
- SHA256
  
  8e1d0c4f144478f1e343f134765bfd219718a5e63ff0cf96464381a825d40333
- SHA512
  
  509bfe66007af02f2f63dc7e327eb2e331ef207a40c697fb5fc334f7f185d38f5e1740d0c0c0f5fb64a9da0f39c4c4a826555114e13ec668f857be9d958a9224
- SSDEEP
  
  6144:TQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:TQMyfmNFHfnWfhLZVHmOog
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2