af0ace6f58523f8a59ed2c83cf24849575f0a75559723c2b6bce5c58d0128441 | Triage

Sharing

General

Target

2024-09-19_0c39943a69340b0bc9c8f6dbeebf6871_mafia_nionspy
Size

280KB
Sample

240919-ea86tszbrq
MD5

0c39943a69340b0bc9c8f6dbeebf6871
SHA1

1674bfe9204ba59a3ccc13c27d11cc576143408c
SHA256

af0ace6f58523f8a59ed2c83cf24849575f0a75559723c2b6bce5c58d0128441
SHA512

11471aa2b78ce3f4af20bb1b5cf63b21f2f42884b2dd1f0d51a4b0edfa645db5e354eb3792dc70f43342d51ccd7ebebc9f639e72a34ea8e9b30447ef8e9e0690
SSDEEP

6144:/Tz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:/TBPFV0RyWl3h2E+7pl

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-09-19_0c39943a69340b0bc9c8f6dbeebf6871_mafia_nionspy
- Size
  
  280KB
- MD5
  
  0c39943a69340b0bc9c8f6dbeebf6871
- SHA1
  
  1674bfe9204ba59a3ccc13c27d11cc576143408c
- SHA256
  
  af0ace6f58523f8a59ed2c83cf24849575f0a75559723c2b6bce5c58d0128441
- SHA512
  
  11471aa2b78ce3f4af20bb1b5cf63b21f2f42884b2dd1f0d51a4b0edfa645db5e354eb3792dc70f43342d51ccd7ebebc9f639e72a34ea8e9b30447ef8e9e0690
- SSDEEP
  
  6144:/Tz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:/TBPFV0RyWl3h2E+7pl
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2