31a5a44e98d378e897b6723f7f79747bb3ce5c2e07811ebf6a149fef6f589ee3 | Triage

Sharing

General

Target

2024-09-13_fb6a8eaf251262fbca16350e21c8eadd_mafia_nionspy
Size

280KB
Sample

240913-t8b2baxglh
MD5

fb6a8eaf251262fbca16350e21c8eadd
SHA1

f9566ad2d1f25fca5c2db17d0afae286189b3c45
SHA256

31a5a44e98d378e897b6723f7f79747bb3ce5c2e07811ebf6a149fef6f589ee3
SHA512

3568c8252249385434ce6142762639b12a11e85996d4edb0abe8102c15698824cba4d2486483861dd5eb6e69c3b9d573a426ddbeebbfa1ab9d3ca3775940487a
SSDEEP

6144:/Q+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:/QMyfmNFHfnWfhLZVHmOog

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-09-13_fb6a8eaf251262fbca16350e21c8eadd_mafia_nionspy
- Size
  
  280KB
- MD5
  
  fb6a8eaf251262fbca16350e21c8eadd
- SHA1
  
  f9566ad2d1f25fca5c2db17d0afae286189b3c45
- SHA256
  
  31a5a44e98d378e897b6723f7f79747bb3ce5c2e07811ebf6a149fef6f589ee3
- SHA512
  
  3568c8252249385434ce6142762639b12a11e85996d4edb0abe8102c15698824cba4d2486483861dd5eb6e69c3b9d573a426ddbeebbfa1ab9d3ca3775940487a
- SSDEEP
  
  6144:/Q+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:/QMyfmNFHfnWfhLZVHmOog
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2