a76e8c2f4c4e379bfd80ad470f189ef6004ec335bdf46f4198fecdba8a126489 | Triage

Sharing

General

Target

2024-11-20_383bab66cbae492eaf2adef555f70d29_mafia_nionspy
Size

328KB
Sample

241120-dyl6jazkcz
MD5

383bab66cbae492eaf2adef555f70d29
SHA1

ca3b71f5d76b49502a407325e7367f03ee46820c
SHA256

a76e8c2f4c4e379bfd80ad470f189ef6004ec335bdf46f4198fecdba8a126489
SHA512

e65edcccd1452325a21be3678214aef6b19a508a155beb72bffe97d825d6bae40ba7fe74f039f3a8a3f464c62edff58236aa1882e453fcbef289501b2dd8e938
SSDEEP

6144:D2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v4:D2TFafJiHCWBWPMjVWrXf1v4

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  2024-11-20_383bab66cbae492eaf2adef555f70d29_mafia_nionspy
- Size
  
  328KB
- MD5
  
  383bab66cbae492eaf2adef555f70d29
- SHA1
  
  ca3b71f5d76b49502a407325e7367f03ee46820c
- SHA256
  
  a76e8c2f4c4e379bfd80ad470f189ef6004ec335bdf46f4198fecdba8a126489
- SHA512
  
  e65edcccd1452325a21be3678214aef6b19a508a155beb72bffe97d825d6bae40ba7fe74f039f3a8a3f464c62edff58236aa1882e453fcbef289501b2dd8e938
- SSDEEP
  
  6144:D2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG89gkPzDh1v4:D2TFafJiHCWBWPMjVWrXf1v4
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2