6dbee7b1b2b7773cd77bfbcd4fa92fa28b18cfe49548068c9114f994b4812d6b | Triage

Sharing

General

Target

2024-09-19_adb476b4f6b85a578884ee2e8587ca16_mafia_nionspy
Size

328KB
Sample

240919-dcqltsxcnb
MD5

adb476b4f6b85a578884ee2e8587ca16
SHA1

351af92d3821755e1309326fc2be2ba5d5abc400
SHA256

6dbee7b1b2b7773cd77bfbcd4fa92fa28b18cfe49548068c9114f994b4812d6b
SHA512

8f24b4a7742269b6b1c440c74d95d1a242b0e50d8423ce684b5eceb09225436ad9de17da162638d8f1d6f0e04f9be675ec2afc9420cf761d829129d097b1370d
SSDEEP

6144:m2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1vs:m2TFafJiHCWBWPMjVWrXf1vs

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-09-19_adb476b4f6b85a578884ee2e8587ca16_mafia_nionspy
- Size
  
  328KB
- MD5
  
  adb476b4f6b85a578884ee2e8587ca16
- SHA1
  
  351af92d3821755e1309326fc2be2ba5d5abc400
- SHA256
  
  6dbee7b1b2b7773cd77bfbcd4fa92fa28b18cfe49548068c9114f994b4812d6b
- SHA512
  
  8f24b4a7742269b6b1c440c74d95d1a242b0e50d8423ce684b5eceb09225436ad9de17da162638d8f1d6f0e04f9be675ec2afc9420cf761d829129d097b1370d
- SSDEEP
  
  6144:m2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1vs:m2TFafJiHCWBWPMjVWrXf1vs
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2