66d67f999030f4c2ec07d50d9b11ea24f39c49c6d7d3cde2ffe2e9908686b46e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-03_77e876c8f3bc61673ab5176ccf480f7b_mafia_nionspy
Size

280KB
Sample

241003-hmdggatekb
MD5

77e876c8f3bc61673ab5176ccf480f7b
SHA1

ca7f727c7703a1112fcc2a07cd9eab15ee22a79d
SHA256

66d67f999030f4c2ec07d50d9b11ea24f39c49c6d7d3cde2ffe2e9908686b46e
SHA512

01195f98f954041f0f1f09d97a5517692f78a96c4046635da36097f07c2d7f1b1ed53c631ce0448abfbbca561ff33480eff5a1a0dc443d83c895f41e1778ddeb
SSDEEP

6144:vQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:vQMyfmNFHfnWfhLZVHmOog

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-10-03_77e876c8f3bc61673ab5176ccf480f7b_mafia_nionspy
- Size
  
  280KB
- MD5
  
  77e876c8f3bc61673ab5176ccf480f7b
- SHA1
  
  ca7f727c7703a1112fcc2a07cd9eab15ee22a79d
- SHA256
  
  66d67f999030f4c2ec07d50d9b11ea24f39c49c6d7d3cde2ffe2e9908686b46e
- SHA512
  
  01195f98f954041f0f1f09d97a5517692f78a96c4046635da36097f07c2d7f1b1ed53c631ce0448abfbbca561ff33480eff5a1a0dc443d83c895f41e1778ddeb
- SSDEEP
  
  6144:vQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:vQMyfmNFHfnWfhLZVHmOog
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2