Static task
static1
Behavioral task
behavioral1
Sample
2024-01-27_538984514558e5479a3d5a54273910f0_mafia.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-27_538984514558e5479a3d5a54273910f0_mafia.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-27_538984514558e5479a3d5a54273910f0_mafia
-
Size
25.0MB
-
MD5
538984514558e5479a3d5a54273910f0
-
SHA1
0e0ad6ed106dae1674840ab05fed3879f0e889a1
-
SHA256
6096b06031beff797b5c0ff3b61fbc26c1920484be5f5a09467fca2f26f0ff0c
-
SHA512
d04b473c916672d184496eca6b52c533e4bafab91a175a726493306464a9e78853b9e4154ecd169a28f1be2bf0c102add534271903712d9911ef72517e3717f8
-
SSDEEP
786432:1E8A49FVb/r1pq7gucPzCbYIDHF++fAEE1ZPHjBB:1EaFVjrvee++WcZvjBB
Malware Config
Signatures
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-01-27_538984514558e5479a3d5a54273910f0_mafia
Files
-
2024-01-27_538984514558e5479a3d5a54273910f0_mafia.exe windows:5 windows x86 arch:x86
5a9b4bd6ef1f979c3b94f90692015257
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
InternetOpenW
InternetCloseHandle
InternetSetOptionW
InternetOpenUrlW
kernel32
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
ReleaseSemaphore
CreateEventA
HeapAlloc
TerminateProcess
OpenProcess
CreateSemaphoreW
Sleep
lstrcpynW
InterlockedExchange
TlsFree
SetEvent
TlsAlloc
GetSystemTimeAsFileTime
LoadLibraryW
WaitForSingleObject
MoveFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
CreateEventW
WriteFile
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
SetFilePointer
SetEndOfFile
ReadFile
QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
LoadLibraryA
HeapValidate
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileW
CreateFileA
AreFileApisANSI
InitializeCriticalSection
InterlockedCompareExchange
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
FreeLibrary
GlobalAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
WriteConsoleW
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
SetHandleCount
GetLocaleInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetConsoleMode
GetConsoleCP
ExitProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineW
CreateThread
ExitThread
RtlUnwind
ResumeThread
TlsSetValue
ResetEvent
OpenEventA
TlsGetValue
FindNextFileW
FindFirstFileW
CopyFileW
RemoveDirectoryW
FindClose
LCMapStringW
LCMapStringA
GetStringTypeExW
GetStringTypeExA
GetUserDefaultLCID
DecodePointer
EncodePointer
GetStringTypeW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GlobalLock
GlobalUnlock
GetModuleFileNameW
WideCharToMultiByte
MulDiv
lstrcmpW
CompareStringW
lstrcpyW
GetCurrentThreadId
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapFree
CloseHandle
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
LocalFree
GetACP
lstrlenW
MoveFileExW
GetLastError
SetLastError
GetModuleHandleW
IsProcessorFeaturePresent
InterlockedPushEntrySList
lstrlenA
CreateDirectoryW
GetExitCodeProcess
FreeResource
FindResourceExW
LockResource
GetBinaryTypeW
GetVersionExW
GetProcAddress
SetEnvironmentVariableA
user32
SetWindowLongW
LoadStringW
LoadStringA
UnregisterClassA
wsprintfW
GetWindowLongW
DefWindowProcW
CharNextW
SetRectEmpty
BeginPaint
DestroyWindow
SetWindowTextW
SetCursor
GetWindowTextLengthW
SendMessageW
GetClientRect
ScreenToClient
UpdateWindow
DrawFocusRect
CreateWindowExW
GetCursorPos
InvalidateRect
IsWindowEnabled
SetCapture
EndPaint
GetDC
ReleaseDC
ReleaseCapture
SetFocus
GetParent
GetDlgCtrlID
IsWindow
SetWindowPos
FillRect
DrawTextW
PtInRect
GetWindowTextW
RegisterWindowMessageW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
GetActiveWindow
PeekMessageW
ShowWindow
GetSystemMetrics
LoadImageW
IsDialogMessageW
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
MessageBoxW
KillTimer
SetTimer
EndDialog
GetCapture
CreateAcceleratorTableW
RegisterClassExW
GetClassInfoExW
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
GetDlgItem
IsChild
RedrawWindow
InvalidateRgn
ClientToScreen
MoveWindow
DialogBoxParamW
GetClassNameW
LoadCursorW
GetSysColor
GetFocus
OffsetRect
CallWindowProcW
gdi32
DPtoLP
SetViewportOrgEx
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
GetStockObject
CreateFontIndirectW
DeleteDC
GetObjectW
SetBkMode
SelectObject
DeleteObject
SetTextColor
CreateCompatibleDC
advapi32
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteKeyW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
shell32
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
FindExecutableW
CommandLineToArgvW
ole32
CoUninitialize
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoGetClassObject
CoInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
StringFromCLSID
CoCreateGuid
OleInitialize
oleaut32
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
shlwapi
PathFileExistsW
comctl32
_TrackMouseEvent
InitCommonControlsEx
urlmon
CoInternetParseUrl
ws2_32
WSACleanup
WSAStartup
gdiplus
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectI
GdipFree
GdipCloneImage
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipAlloc
GdiplusShutdown
psapi
EnumProcesses
GetModuleBaseNameW
crypt32
CryptProtectData
CryptUnprotectData
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 255KB - Virtual size: 255KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23.4MB - Virtual size: 23.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 139KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ