3012ac86d0e0ae8fe6236e9ac431341ead0864ef2943355d647fc07dd1c4959f | Triage

Sharing

General

Target

2024-09-21_53227e9133ea384d4a88e9f688eb2e1d_mafia_nionspy
Size

328KB
Sample

240921-lpj9kswclj
MD5

53227e9133ea384d4a88e9f688eb2e1d
SHA1

76bc11ef2512241b2c1e70bde055bd80e6bc1819
SHA256

3012ac86d0e0ae8fe6236e9ac431341ead0864ef2943355d647fc07dd1c4959f
SHA512

a0c06b345600f6e3769236c9c45d952273b3cb38bf774487005f20443649666b0ef636aebfc03b2ae56cbe236daad355f7d97e9f5f3956ebee32d7c493375ff4
SSDEEP

6144:v2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v3:v2TFafJiHCWBWPMjVWrXf1v3

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-09-21_53227e9133ea384d4a88e9f688eb2e1d_mafia_nionspy
- Size
  
  328KB
- MD5
  
  53227e9133ea384d4a88e9f688eb2e1d
- SHA1
  
  76bc11ef2512241b2c1e70bde055bd80e6bc1819
- SHA256
  
  3012ac86d0e0ae8fe6236e9ac431341ead0864ef2943355d647fc07dd1c4959f
- SHA512
  
  a0c06b345600f6e3769236c9c45d952273b3cb38bf774487005f20443649666b0ef636aebfc03b2ae56cbe236daad355f7d97e9f5f3956ebee32d7c493375ff4
- SSDEEP
  
  6144:v2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v3:v2TFafJiHCWBWPMjVWrXf1v3
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2