2023-08-27_3b6a593cc07c5a77ba0c1344899b23f7_mafia_ramnit_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-27_3b6a593cc07c5a77ba0c1344899b23f7_mafia_ramnit_JC.exe
Size

1.1MB
MD5

3b6a593cc07c5a77ba0c1344899b23f7
SHA1

27c400db9a20d7029111cbfa3b66beaaa80ca583
SHA256

a1296cc6b17bf42e45f474d0c51f31d18c7cd1e9e7ff3059a5bbe5d50a974969
SHA512

c0e8a151b3cfad08c8b3b10137815e5c15cc4026c61b647f7d81de677034b5886ce3c34a0a36fdd8e4fc9535b99a498b50037b6bc963e0f3113a4bc27919e2a8
SSDEEP

24576:uMbNxAaw8ikYb9N/ai9KHguT60i/Lo6H:uMbbAZRHgUM6H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-27_3b6a593cc07c5a77ba0c1344899b23f7_mafia_ramnit_JC.exe

Files

2023-08-27_3b6a593cc07c5a77ba0c1344899b23f7_mafia_ramnit_JC.exe
.exe windows:5 windows x86

a66c9096cd1b03e8f00b14ec86f6fe81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
ntohs
socket
closesocket
getpeername
getsockopt
htons
bind
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup

wldap32

ord22
ord211
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord46
ord60
ord41

kernel32

GetProcAddress
CreateThread
Sleep
GetLocalTime
GetTickCount
CreateDirectoryA
GetLastError
GetShortPathNameA
CreateFileA
ExitProcess
CreateEventA
WaitForSingleObject
OutputDebugStringW
SetEvent
ResetEvent
OpenEventA
SetUnhandledExceptionFilter
LoadLibraryA
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
DeleteFileA
FileTimeToSystemTime
SystemTimeToFileTime
GlobalAlloc
GlobalFree
FindFirstFileA
FindNextFileA
FindClose
SetErrorMode
GetFileTime
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
GetCurrentThread
GetModuleHandleW
CopyFileA
InitializeCriticalSection
EnterCriticalSection
Process32First
DeleteCriticalSection
FreeLibrary
SuspendThread
ResumeThread
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetModuleHandleExA
VirtualProtect
GetFileAttributesA
GetFullPathNameW
MultiByteToWideChar
GetThreadContext
SetThreadContext
TerminateThread
ExitThread
GetHandleInformation
SetLastError
FormatMessageA
SleepEx
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
lstrcpynA
OpenProcess
lstrcmpiA
CreateFileW
CompareStringW
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
CreateToolhelp32Snapshot
GetCurrentThreadId
WideCharToMultiByte
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameA
GetConsoleMode
QueryPerformanceCounter
GetConsoleCP
GetStartupInfoW
SetHandleCount
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
TlsFree
TlsSetValue
CloseHandle
GetFullPathNameA
Process32Next
VirtualQuery
FlushInstructionCache
VirtualFree
VirtualAlloc
FlushFileBuffers
LeaveCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
HeapFree
HeapAlloc
GetDriveTypeW
SetEnvironmentVariableA
FileTimeToLocalFileTime
FindFirstFileExA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetFileInformationByHandle
SetFilePointer
GetDriveTypeA
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
WriteFile
HeapSize
GetLocaleInfoW
TlsAlloc
TlsGetValue

user32

GetClassNameA
IsWindowVisible
EnumThreadWindows
EnumWindows
MessageBoxA
wsprintfA
GetCursorPos
GetForegroundWindow
GetWindowTextW
GetWindowTextA
GetWindowThreadProcessId
FindWindowA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptDestroyKey
CryptEncrypt
CryptReleaseContext
CryptImportKey
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces

psapi

GetModuleFileNameExA
EnumProcessModules

clifecrypt

RequestAesEncryptLength
AesCreateKeys
RequestAesCreateKeysLength
EccEncrypt
RequestEccEncryptLength
AesEncrypt
RequestRsaEncryptLength
RsaEncrypt

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 727KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a66c9096cd1b03e8f00b14ec86f6fe81

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

kernel32

user32

advapi32

shell32

oleaut32

setupapi

psapi

clifecrypt

shlwapi

Sections

.text Size: 727KB - Virtual size: 727KB

.rdata Size: 209KB - Virtual size: 208KB

.data Size: 11KB - Virtual size: 24KB

.detourd Size: 512B - Virtual size: 12B

.detourc Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 72KB - Virtual size: 73KB

.rmnet Size: 86KB - Virtual size: 88KB

.text
Size: 727KB - Virtual size: 727KB

.rdata
Size: 209KB - Virtual size: 208KB

.data
Size: 11KB - Virtual size: 24KB

.detourd
Size: 512B - Virtual size: 12B

.detourc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 72KB - Virtual size: 73KB

.rmnet
Size: 86KB - Virtual size: 88KB