2024-01-24_b0bf1f143fd0e05cc29ae61374c8659d_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-24_b0bf1f143fd0e05cc29ae61374c8659d_mafia
Size

1010KB
MD5

b0bf1f143fd0e05cc29ae61374c8659d
SHA1

2de9166ebcd328c94695b1e3fbe3f639c1aab964
SHA256

b8b1996e45b666a3e6960923073ae33d488f3c55147d96e2c512e12583f4806e
SHA512

2c5d3d534f33fb3f0f578eb74cadb8f4f491f5368e51016ae55318f8f69c20c2a03af3342713f8b398c02a817ff5829d3cd21a4e54de5d1c1f697109ee63e5c3
SSDEEP

24576:sm6OUmrTiUnc/WBGdGoLt33EUWWiIeYc+fo7DcdY+d4TQdgwO:smembnc/WMIoLtEUWWifYc+f2DeNd4Tx

Score

1^/10

Malware Config

Signatures

Files

2024-01-24_b0bf1f143fd0e05cc29ae61374c8659d_mafia
.exe windows:5 windows x86 arch:x86

39c89186772c28e6af2da5abbae4c041

Code Sign

d1:9d:b1:a5:42:ff:d3:d9:9b:83:20:8f:e9:e8:0f:e3
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/12/2020, 00:00

Not After

10/12/2023, 23:59

Subject

CN=ZOHO Corporation Private Limited,O=ZOHO Corporation Private Limited,POSTALCODE=603202,STREET=Estancia IT Park\, GST Road,L=Chengalpattu,ST=Tamil Nadu,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:2e:33:6b:c4:c0:90:69:cd:fa:a4:11:95:87:3c:12:36:73:b2:43:96:46:57:df:b1:94:32:0c:21:51:e7:91
Signer

Actual PE Digest

0c:2e:33:6b:c4:c0:90:69:cd:fa:a4:11:95:87:3c:12:36:73:b2:43:96:46:57:df:b1:94:32:0c:21:51:e7:91

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
CreateProcessAsUserW
GetTokenInformation
LookupPrivilegeNameA
CryptGetHashParam
CreateProcessAsUserA
RegSetValueExW
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyA
RegQueryValueExW
RegDeleteValueA
RegCreateKeyExA
CryptHashData
CryptGetUserKey
CryptDestroyHash
ControlService
CryptDestroyKey
CryptGenKey
RegCloseKey
OpenProcessToken
RegOpenKeyExA
RevertToSelf
OpenSCManagerA
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
RegQueryValueExA
RegSetValueExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

ole32

CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

ws2_32

WSACleanup
WSAGetLastError
WSAStartup

iphlpapi

GetAdaptersInfo

crypt32

CertDeleteCertificateFromStore
CryptMsgGetParam
CertEnumCertificatesInStore
PFXImportCertStore
CertGetNameStringA
CertCloseStore
CertFindCertificateInStore
CertAddCertificateContextToStore
CertFreeCertificateContext
PFXVerifyPassword
CertOpenStore
CryptStringToBinaryA
CryptQueryObject
CertNameToStrW
CertCreateCertificateContext

userenv

LoadUserProfileA
UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSEnumerateSessionsA

winhttp

WinHttpReadData
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest

dclibxml2

xmlTextReaderGetAttribute
xmlTextReaderAttributeCount
xmlTextReaderValue
xmlTextReaderDepth
xmlParseMemory
xmlTextReaderRead
xmlFreeTextReader
xmlStrcmp
xmlNewTextReaderFilename
xmlParseFile
xmlFreeDoc
xmlCleanupParser
xmlNodeListGetString
xmlTextReaderName
xmlFree
xmlDocGetRootElement

kernel32

FindResourceExW
FindResourceW
LoadResource
CreateDirectoryW
WaitForSingleObject
WideCharToMultiByte
LoadLibraryW
SizeofResource
MultiByteToWideChar
GetLastError
GetProcAddress
LockResource
ReleaseMutex
CloseHandle
DeleteFileA
CreateFileA
GetFileSize
FindFirstFileW
GetLocaleInfoA
FreeLibrary
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetCurrentProcess
Process32First
GetTickCount
WriteFile
OpenProcess
Sleep
GetExitCodeProcess
CreateProcessA
TerminateProcess
FileTimeToSystemTime
ReadFile
GetTimeZoneInformation
GetEnvironmentVariableA
GetFileSizeEx
FindFirstFileA
CopyFileA
FindClose
GetLocalTime
LoadLibraryA
Process32Next
GetSystemInfo
FindNextFileA
GetModuleHandleA
CreateMutexA
CreateToolhelp32Snapshot
GetVersionExA
GetSystemTime
CreateThread
CreateTimerQueue
CreateDirectoryA
CreateTimerQueueTimer
DeleteTimerQueue
lstrlenA
CopyFileW
LCMapStringW
lstrlenW
FlushFileBuffers
GetCurrentThreadId
lstrcmpA
GetCurrentProcessId
QueryPerformanceCounter
FormatMessageA
GlobalAlloc
FormatMessageW
GetComputerNameExW
GlobalFree
LocalFree
GetFullPathNameA
GetFileAttributesExA
SetFilePointer
InterlockedDecrement
GetSystemDirectoryA
GetCurrentDirectoryW
ProcessIdToSessionId
SetCurrentDirectoryW
GetNativeSystemInfo
lstrcmpiA
GetVersion
LocalAlloc
SuspendThread
ResumeThread
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
RaiseException
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
VirtualQuery
WriteConsoleW
SetEndOfFile
CreatePipe
GetFileAttributesA
IsValidLocale
CreateMutexW
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineW
HeapSetInformation
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetSystemTimeAsFileTime
DuplicateHandle
RtlUnwind
InitializeCriticalSection
InterlockedExchange
DecodePointer
EncodePointer
InterlockedIncrement
MoveFileExA
GetModuleFileNameA
LocalLock
LocalUnlock
GetDriveTypeA
FindFirstFileExA
ExitThread
EnumSystemLocalesA
GetLocaleInfoW
GetUserDefaultLCID
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
GetConsoleMode
GetConsoleCP
SetStdHandle
DeleteFileW
ExitProcess
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoW
CreateFileW

user32

wsprintfW
MessageBoxA

shell32

SHGetSpecialFolderPathA
SHCreateDirectoryExA
SHCreateDirectoryExW

odbc32

ord29
ord39
ord43
ord36
ord18
ord8
ord4
ord13
ord26
ord72
ord48
ord49
ord3
ord19
ord12
ord16
ord20
ord2
ord1
ord31
ord41
ord9
ord11

shlwapi

PathFindExtensionA
StrTrimA
StrStrIA

netapi32

NetGetJoinInformation
DsGetDcNameA
NetApiBufferFree

oleaut32

SysAllocString
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetLBound
VariantInit
SysAllocStringByteLen
VariantClear
SysStringLen
SysFreeString

Sections

.text
Size: 743KB - Virtual size: 742KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39c89186772c28e6af2da5abbae4c041

Code Sign

d1:9d:b1:a5:42:ff:d3:d9:9b:83:20:8f:e9:e8:0f:e3Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0c:2e:33:6b:c4:c0:90:69:cd:fa:a4:11:95:87:3c:12:36:73:b2:43:96:46:57:df:b1:94:32:0c:21:51:e7:91Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

ws2_32

iphlpapi

crypt32

userenv

wtsapi32

winhttp

dclibxml2

kernel32

user32

shell32

odbc32

shlwapi

netapi32

oleaut32

Sections

.text Size: 743KB - Virtual size: 742KB

.rdata Size: 162KB - Virtual size: 161KB

.data Size: 51KB - Virtual size: 61KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 43KB - Virtual size: 42KB

d1:9d:b1:a5:42:ff:d3:d9:9b:83:20:8f:e9:e8:0f:e3
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0c:2e:33:6b:c4:c0:90:69:cd:fa:a4:11:95:87:3c:12:36:73:b2:43:96:46:57:df:b1:94:32:0c:21:51:e7:91
Signer

.text
Size: 743KB - Virtual size: 742KB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 51KB - Virtual size: 61KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 43KB - Virtual size: 42KB