Behavioral task behavioral1
Sample: 936565a7d3722051ea0477f886575304ce7abf0efc6fe8019f9a6ea11e85db12.exe
Resource: win7-20231215-en

Behavioral task behavioral2
Sample: 936565a7d3722051ea0477f886575304ce7abf0efc6fe8019f9a6ea11e85db12.exe
Resource: win10v2004-20231215-en
General
Target: 936565a7d3722051ea0477f886575304ce7abf0efc6fe8019f9a6ea11e85db12
Size: 3.4MB
MD5: 2934910d0947504c29a5c4cc438b1ad1
SHA1: d65721473f8436968b252efe564ba8709a5d24cc
SHA256: 936565a7d3722051ea0477f886575304ce7abf0efc6fe8019f9a6ea11e85db12
SHA512: 07514bc98028923e53cc0a9c1fb385440948a1770e86dfb9a417fe0f7f96ddf218e0a7a0697c91fca9fbabb442ad3d55e808f5fc2825ef860519e831a22b12ae
SSDEEP: 24576:po/CW54IAnWrfdt2Zj1vpo4ajyKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKQ:/IAWjdAp1PagjLuSh3i+FtvkMzT+
Malware Config
Signatures
- Detect MafiaWare666 ransomware (1 IoC): yara_rule family_mafiaware666 on resource "sample"
- Detects command variations typically used by ransomware (1 IoC): yara_rule INDICATOR_SUSPICIOUS_GENRansomware on resource "sample"
- Detects executables packed with ConfuserEx Mod (1 IoC): yara_rule INDICATOR_EXE_Packed_ConfuserEx on resource "sample"
- MAKOP ransomware payload (1 IoC): yara_rule family_makop on resource "sample"
- Mafiaware666 family
- Makop family
- ModiLoader Second Stage (1 IoC): yara_rule modiloader_stage2 on resource "sample"
- Modiloader family
- Unsigned PE (1 IoC): checks for a missing Authenticode signature; resource 936565a7d3722051ea0477f886575304ce7abf0efc6fe8019f9a6ea11e85db12
Caveat: three distinct family signatures (MafiaWare666, Makop, ModiLoader) fire on the same sample, and the ConfuserEx rule refers to a .NET obfuscator while the file described under Files is a native x86 image whose import table has no mscoree.dll entry. Those rules are matching data carried inside the file rather than the executable's own code, so the family attribution should be treated as unconfirmed until the embedded payload is extracted and scanned on its own.
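The "Unsigned PE" signature above is a lookup of the PE Attribute Certificate Table (data directory entry 4). The following is an added example of that check in standard-library Python; it is not part of the report or of the sandbox's own tooling, and the PE header it builds as test input is a constructed fixture, not a real executable.

```python
"""Check whether a PE carries an Authenticode certificate table.

Added example, not part of the sandbox report. Standard library only."""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # Attribute Certificate Table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # PKCS#7 SignedData, what Authenticode uses


def security_directory(pe):
    """Return (file_offset, size) of the certificate table, or None.

    Unlike the other data directories this entry holds a raw file offset, not
    an RVA, because the certificate blob lives outside every section (it is
    appended as an overlay)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    optional = e_lfanew + 4 + 20            # past PE signature and COFF header
    (magic,) = struct.unpack_from("<H", pe, optional)
    if magic == 0x10B:                      # PE32: data directories start at +96
        dir_base = optional + 96
    elif magic == 0x20B:                    # PE32+: data directories start at +112
        dir_base = optional + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (num_dirs,) = struct.unpack_from("<I", pe, dir_base - 4)   # NumberOfRvaAndSizes
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    offset, size = struct.unpack_from("<II", pe, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if offset == 0 or size == 0 or offset + size > len(pe):
        return None                          # absent, or pointing outside the file
    return offset, size


def has_authenticode(pe):
    """True if a certificate table exists and its first WIN_CERTIFICATE entry is
    PKCS#7 SignedData. This shows a signature is present, not that it is valid:
    validity needs the PKCS#7 parsed, the chain verified and the Authenticode
    file hash recomputed, which is out of scope for this check."""
    entry = security_directory(pe)
    if entry is None:
        return False
    offset, size = entry
    if size < 8:
        return False
    length, _revision, cert_type = struct.unpack_from("<IHH", pe, offset)
    return cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and length <= size


def build_fixture(signed):
    """Constructed test input: a PE32 header with no sections, optionally
    followed by a dummy WIN_CERTIFICATE at file offset 0x200."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # i386, 0 sections, SizeOfOptionalHeader 224, RELOCS_STRIPPED|EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0103)
    cert_offset, cert_blob = 0x200, b""
    if signed:
        body = b"\x30\x82" + b"\0" * 30      # placeholder bytes, not real DER
        cert_blob = struct.pack("<IHH", 8 + len(body), 0x0200,
                                WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (cert_offset, len(cert_blob))
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    headers = dos + b"PE\0\0" + coff + opt
    return headers.ljust(cert_offset, b"\0") + cert_blob


if __name__ == "__main__":
    # Usage: python check_authenticode.py <file.exe>
    with open(sys.argv[1], "rb") as fh:
        data = fh.read()
    print("signed" if has_authenticode(data) else "unsigned:", sys.argv[1])
```

The parser reads NumberOfRvaAndSizes before indexing the table, since a PE may legitimately declare fewer than 16 directories; a bounds check on the certificate offset catches files whose directory points past the end of the image, which is what a truncated or tampered sample looks like.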
Files
-
936565a7d3722051ea0477f886575304ce7abf0efc6fe8019f9a6ea11e85db12.exe windows:4 windows x86 arch:x86
364f4eb85abb3fe033aa9cfae7ac6b24
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are both absent and the relocation table is stripped, so the image always loads at its preferred base (no ASLR) and does not opt in to DEP.
Imports
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
kernel32
ReadFile
CreateFileW
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GetVersion
GetProcAddress
LoadLibraryA
GetCurrentProcessId
OpenProcess
SetFilePointerEx
GetModuleHandleA
DuplicateHandle
ExitProcess
GetEnvironmentVariableW
CreateProcessW
CreatePipe
LocalFree
GetCommandLineW
Process32NextW
CreateMutexA
CreateToolhelp32Snapshot
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
GetSystemWindowsDirectoryW
SetHandleInformation
GetTempPathW
GetTempFileNameW
CreateDirectoryW
WriteFile
Sleep
FindClose
GetLastError
GetFileAttributesW
GetLogicalDrives
WaitForSingleObject
CreateThread
GetVolumeInformationW
SetErrorMode
FindNextFileW
GetDriveTypeW
WaitForMultipleObjects
FindFirstFileW
TerminateProcess
DeleteCriticalSection
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
GetFileType
PeekNamedPipe
user32
wsprintfA
GetShellWindow
wsprintfW
GetWindowThreadProcessId
ReleaseDC
SystemParametersInfoW
DrawTextA
GetDC
gdi32
CreateFontW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
DeleteDC
SetTextColor
GetObjectW
GetDeviceCaps
GetDIBits
advapi32
CryptGenRandom
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
GetTokenInformation
CryptDecrypt
CryptDestroyKey
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
shell32
ord680
CommandLineToArgvW
SHGetSpecialFolderPathW
msimg32
GradientFill
Sections
.text: raw size 27KB, virtual size 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata: raw size 3KB, virtual size 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data: no raw data in the file, virtual size 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata: raw size 11KB, virtual size 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: the raw sections sum to about 41KB of a 3.4MB file, so over 3MB lies outside the section table as an overlay appended after .ndata. The headers and import table above describe only this small stub; the appended data is where the bulk of the sample's content is.
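As an added example (not part of the sandbox report), the script below turns the import table and section table transcribed above into the questions a triage analyst actually asks of a suspected file-encrypting payload: which behaviours the imports support, how much of the file is overlay, and whether the image gets ASLR. The capability groupings are this example's own assumption, not something the report states; the import list, section sizes and characteristics are copied from the report.

```python
"""Static triage of the import and section tables from the report above.

Added example, not part of the sandbox report. Standard library only."""
from collections import OrderedDict

# Import table as listed in the report (DLL -> imported functions).
IMPORTS = {
    "mpr": "WNetCloseEnum WNetEnumResourceW WNetOpenEnumW".split(),
    "kernel32": (
        "ReadFile CreateFileW GetFileSizeEx MoveFileW SetFileAttributesW HeapAlloc "
        "GetCurrentProcess HeapFree GetProcessHeap GetVersion GetProcAddress LoadLibraryA "
        "GetCurrentProcessId OpenProcess SetFilePointerEx GetModuleHandleA DuplicateHandle "
        "ExitProcess GetEnvironmentVariableW CreateProcessW CreatePipe LocalFree "
        "GetCommandLineW Process32NextW CreateMutexA CreateToolhelp32Snapshot GetLocaleInfoW "
        "GetModuleFileNameW Process32FirstW GetSystemWindowsDirectoryW SetHandleInformation "
        "GetTempPathW GetTempFileNameW CreateDirectoryW WriteFile Sleep FindClose GetLastError "
        "GetFileAttributesW GetLogicalDrives WaitForSingleObject CreateThread "
        "GetVolumeInformationW SetErrorMode FindNextFileW GetDriveTypeW WaitForMultipleObjects "
        "FindFirstFileW TerminateProcess DeleteCriticalSection GetExitCodeProcess "
        "LeaveCriticalSection InitializeCriticalSection EnterCriticalSection CloseHandle "
        "GetFileType PeekNamedPipe").split(),
    "user32": ("wsprintfA GetShellWindow wsprintfW GetWindowThreadProcessId ReleaseDC "
               "SystemParametersInfoW DrawTextA GetDC").split(),
    "gdi32": ("CreateFontW CreateCompatibleBitmap CreateCompatibleDC SelectObject DeleteObject "
              "SetBkMode DeleteDC SetTextColor GetObjectW GetDeviceCaps GetDIBits").split(),
    "advapi32": ("CryptGenRandom RegOpenKeyExA RegCloseKey RegQueryValueExA DuplicateTokenEx "
                 "OpenProcessToken SetTokenInformation GetTokenInformation CryptDecrypt "
                 "CryptDestroyKey CryptAcquireContextW CryptSetKeyParam CryptReleaseContext "
                 "CryptImportKey CryptEncrypt").split(),
    "shell32": "ord680 CommandLineToArgvW SHGetSpecialFolderPathW".split(),
    "msimg32": ["GradientFill"],
}

# Section raw sizes in KB as reported (the blank .data raw size read as 0), file
# size, and header flags, all from the report.
RAW_SECTION_KB = {".text": 27, ".rdata": 3, ".data": 0, ".ndata": 11}
FILE_SIZE_KB = 3.4 * 1024
FILE_CHARACTERISTICS = {"IMAGE_FILE_RELOCS_STRIPPED", "IMAGE_FILE_EXECUTABLE_IMAGE",
                        "IMAGE_FILE_32BIT_MACHINE"}
DLL_CHARACTERISTICS = {"IMAGE_DLLCHARACTERISTICS_NO_SEH"}

# Capability map (this example's assumption, not part of the report): a
# capability counts as present only when every API in its set is imported.
CAPABILITIES = OrderedDict([
    ("enumerate local drives", {"kernel32": {"GetLogicalDrives", "GetDriveTypeW"}}),
    ("recursive directory walk", {"kernel32": {"FindFirstFileW", "FindNextFileW", "FindClose"}}),
    ("enumerate network shares", {"mpr": {"WNetOpenEnumW", "WNetEnumResourceW", "WNetCloseEnum"}}),
    ("CryptoAPI encryption with an imported key",
     {"advapi32": {"CryptAcquireContextW", "CryptImportKey", "CryptEncrypt", "CryptGenRandom"}}),
    ("overwrite and rename files in place",
     {"kernel32": {"CreateFileW", "SetFilePointerEx", "WriteFile", "MoveFileW"}}),
    ("enumerate and terminate processes",
     {"kernel32": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                   "OpenProcess", "TerminateProcess"}}),
    ("single-instance mutex", {"kernel32": {"CreateMutexA"}}),
    ("render text to a bitmap and set it as wallpaper",
     {"gdi32": {"CreateCompatibleBitmap", "CreateFontW", "GetDIBits"},
      "user32": {"DrawTextA", "SystemParametersInfoW"}, "msimg32": {"GradientFill"}}),
    ("duplicate the shell process's token",
     {"advapi32": {"OpenProcessToken", "DuplicateTokenEx", "SetTokenInformation"},
      "user32": {"GetShellWindow", "GetWindowThreadProcessId"}}),
    ("run a child process with captured output",
     {"kernel32": {"CreateProcessW", "CreatePipe", "PeekNamedPipe"}}),
])


def matched_capabilities(imports):
    """Return {capability: sorted APIs that satisfied it} for every capability
    whose required APIs are all present in `imports`."""
    found = {}
    for name, needs in CAPABILITIES.items():
        if all(apis <= set(imports.get(dll, ())) for dll, apis in needs.items()):
            found[name] = sorted(api for apis in needs.values() for api in apis)
    return found


def overlay_estimate_kb(file_size_kb, raw_section_kb, header_kb=1):
    """Data not covered by headers or any section's raw bytes is an overlay
    appended after the last section; returns its size in KB (rounded)."""
    return round(file_size_kb - header_kb - sum(raw_section_kb.values()))


def aslr_capable(file_chars, dll_chars):
    """An EXE is randomised only if it opts in with DYNAMIC_BASE and still
    carries its relocation table."""
    return ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in dll_chars
            and "IMAGE_FILE_RELOCS_STRIPPED" not in file_chars)


if __name__ == "__main__":
    for cap, apis in matched_capabilities(IMPORTS).items():
        print(f"[+] {cap}: {', '.join(apis)}")
    print(f"overlay estimate: ~{overlay_estimate_kb(FILE_SIZE_KB, RAW_SECTION_KB)} KB of "
          f"{round(FILE_SIZE_KB)} KB lies outside the section table")
    print("ASLR:", "yes" if aslr_capable(FILE_CHARACTERISTICS, DLL_CHARACTERISTICS) else "no")
```

Requiring every API in a set, rather than any one of them, keeps the output meaningful: CreateFileW alone says nothing, but CreateFileW together with SetFilePointerEx, WriteFile and MoveFileW is the in-place encrypt-then-rename loop. Run the same script over an import table dumped from another sample to see which groups drop out.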