maui | 9269077565[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9269077565.zip
Size

4.3MB
MD5

027c9a26f48f65f4e37d652b6ddb9ed2
SHA1

bc3eca87940002e244340d8c75e3a22da58c1662
SHA256

6069efe2b1a5cdf837ac7c4c6a1f107387711ebad0ecfc793980ee92475f03a8
SHA512

6dea0d05df1fde6a349dcd4d73524057002c922118aee3f684a42587e325d3866cf0d9fe0013ce5c2ef17dcff6226bc24212b8f306be8745495ab1666b079b9b
SSDEEP

98304:2bOmOez7M9Hbr5ZAeyz8hdhK+qlPQvul3zp5lUCodyObyn2vbOmOez7T:2xkgeyz8/hY9L3znmD3m2vx/

Score

10^/10

maui

Malware Config

Signatures

Detect Maui ransomware 2 IoCs

resource	yara_rule
static1/unpack001/45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78	family_maui
static1/unpack001/5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e	family_maui

Maui family
maui

Files

9269077565.zip
.zip

Password: infected
45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78
.exe windows x86

b7270585cf85c21db1df48e009263fb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
GetTempPathW
GetCurrentThreadId
CreateThread
GetFileAttributesW
InterlockedCompareExchange64
GetTempFileNameW
CreateFileW
SetFileTime
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetModuleHandleW
GetProcAddress
HeapAlloc
GetLastError
HeapFree
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
MoveFileW
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
CreateFileA
GetModuleFileNameA
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RaiseException
SetFilePointer
MultiByteToWideChar
ReadFile
GetConsoleCP
GetConsoleMode
VirtualFree
VirtualAlloc
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetModuleHandleA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetExitCodeProcess
CreateProcessW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
CompareStringA
GetCurrentDirectoryA
GetFullPathNameA
SetConsoleMode
ReadConsoleInputA
GetFileAttributesExW
GetModuleFileNameW
CloseHandle
Sleep
SetUnhandledExceptionFilter
CreateMutexW
ReleaseMutex
WaitForSingleObject
WriteFile
ExitProcess
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
GetDriveTypeA

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

Sections

.text
Size: 497KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219
.exe windows x64

c7269d59926fa4252270f407e4dab043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
Sleep
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 323KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 281B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 34B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e
.exe windows x86

b7270585cf85c21db1df48e009263fb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
GetTempPathW
GetCurrentThreadId
CreateThread
GetFileAttributesW
InterlockedCompareExchange64
GetTempFileNameW
CreateFileW
SetFileTime
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetModuleHandleW
GetProcAddress
HeapAlloc
GetLastError
HeapFree
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
MoveFileW
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
CreateFileA
GetModuleFileNameA
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RaiseException
SetFilePointer
MultiByteToWideChar
ReadFile
GetConsoleCP
GetConsoleMode
VirtualFree
VirtualAlloc
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetModuleHandleA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetExitCodeProcess
CreateProcessW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
CompareStringA
GetCurrentDirectoryA
GetFullPathNameA
SetConsoleMode
ReadConsoleInputA
GetFileAttributesExW
GetModuleFileNameW
CloseHandle
Sleep
SetUnhandledExceptionFilter
CreateMutexW
ReleaseMutex
WaitForSingleObject
WriteFile
ExitProcess
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
GetDriveTypeA

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

Sections

.text
Size: 497KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b7270585cf85c21db1df48e009263fb6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 497KB - Virtual size: 497KB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 24KB - Virtual size: 39KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 37KB - Virtual size: 37KB

c7269d59926fa4252270f407e4dab043

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 323KB - Virtual size: 704KB

/4 Size: 512B - Virtual size: 281B

/19 Size: 354KB - Virtual size: 353KB

/32 Size: 73KB - Virtual size: 73KB

/46 Size: 512B - Virtual size: 34B

/65 Size: 563KB - Virtual size: 563KB

/78 Size: 431KB - Virtual size: 430KB

/90 Size: 118KB - Virtual size: 117KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 86KB - Virtual size: 86KB

.symtab Size: 295KB - Virtual size: 295KB

b7270585cf85c21db1df48e009263fb6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 497KB - Virtual size: 497KB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 24KB - Virtual size: 39KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 497KB - Virtual size: 497KB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 37KB - Virtual size: 37KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 323KB - Virtual size: 704KB

/4
Size: 512B - Virtual size: 281B

/19
Size: 354KB - Virtual size: 353KB

/32
Size: 73KB - Virtual size: 73KB

/46
Size: 512B - Virtual size: 34B

/65
Size: 563KB - Virtual size: 563KB

/78
Size: 431KB - Virtual size: 430KB

/90
Size: 118KB - Virtual size: 117KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 86KB - Virtual size: 86KB

.symtab
Size: 295KB - Virtual size: 295KB

.text
Size: 497KB - Virtual size: 497KB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 37KB - Virtual size: 37KB