08c865f69fa1ab1dc7d5f02e81d58c6c223d8737b0f4b176a12d11ead69c1c7a | Triage

Sharing

General

Target

2024-09-19_a3b0b801b25637437c5e6a5f15400328_mafia_nionspy
Size

280KB
Sample

240919-f77vpstbqr
MD5

a3b0b801b25637437c5e6a5f15400328
SHA1

cc57b62d7a70481188b832fc85f9810d3c8aff64
SHA256

08c865f69fa1ab1dc7d5f02e81d58c6c223d8737b0f4b176a12d11ead69c1c7a
SHA512

b4b86857feda9f44b469fee73451ca95f11486e7aab8f4c09c0ed6e991e3e4312b02fc938eac2ec1df21e34d50ea3b06672261e0e39208acbb5826972b73f392
SSDEEP

6144:ITz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:ITBPFV0RyWl3h2E+7pl

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-09-19_a3b0b801b25637437c5e6a5f15400328_mafia_nionspy
- Size
  
  280KB
- MD5
  
  a3b0b801b25637437c5e6a5f15400328
- SHA1
  
  cc57b62d7a70481188b832fc85f9810d3c8aff64
- SHA256
  
  08c865f69fa1ab1dc7d5f02e81d58c6c223d8737b0f4b176a12d11ead69c1c7a
- SHA512
  
  b4b86857feda9f44b469fee73451ca95f11486e7aab8f4c09c0ed6e991e3e4312b02fc938eac2ec1df21e34d50ea3b06672261e0e39208acbb5826972b73f392
- SSDEEP
  
  6144:ITz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:ITBPFV0RyWl3h2E+7pl
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2