bruteratel | 2024-02-04_70fac399723e7094dacb0ff2dd2d54c6_mafia_nionspy

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-04_70fac399723e7094dacb0ff2dd2d54c6_mafia_nionspy
Size

6.2MB
MD5

70fac399723e7094dacb0ff2dd2d54c6
SHA1

4c263d6c7bb1762f25ff1d31761aac0397b98513
SHA256

97a4ea50edef26eb28c3bc52306d2d564507aa99ba672ff03f648f5f3a49dc49
SHA512

7e09f8a4dba9d8302ad23531db55e2e8b9fe949e03d32f5fbc552a1de6ef179937d7a1b62690181b8b1df9ab057a759ab9ef764e75d5f828621d39624acb7447
SSDEEP

98304:4X5L+7INFWm2qLUOmBlj15AiHp6BPNrJsv6tWKFdu9CzSce:4Xgm2qw3jjLH87rJsv6tWKFdu9CQ

Score

10^/10

bruteratel

Malware Config

Signatures

Bruteratel family
bruteratel

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-04_70fac399723e7094dacb0ff2dd2d54c6_mafia_nionspy

Files

2024-02-04_70fac399723e7094dacb0ff2dd2d54c6_mafia_nionspy
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0Parser@QJson@@QAE@XZ
??0ParserRunnable@QJson@@QAE@PAVQObject@@@Z
??0QObjectHelper@QJson@@QAE@XZ
??0Serializer@QJson@@QAE@XZ
??0SerializerRunnable@QJson@@QAE@PAVQObject@@@Z
??1Parser@QJson@@QAE@XZ
??1ParserRunnable@QJson@@UAE@XZ
??1QObjectHelper@QJson@@QAE@XZ
??1Serializer@QJson@@QAE@XZ
??1SerializerRunnable@QJson@@UAE@XZ
??_7ParserRunnable@QJson@@6BQObject@@@
??_7ParserRunnable@QJson@@6BQRunnable@@@
??_7SerializerRunnable@QJson@@6BQObject@@@
??_7SerializerRunnable@QJson@@6BQRunnable@@@
??_FParserRunnable@QJson@@QAEXXZ
??_FSerializerRunnable@QJson@@QAEXXZ
?allowSpecialNumbers@Parser@QJson@@QAEX_N@Z
?allowSpecialNumbers@Serializer@QJson@@QAEX_N@Z
?errorLine@Parser@QJson@@QBEHXZ
?errorString@Parser@QJson@@QBE?AVQString@@XZ
?indentMode@Serializer@QJson@@QBE?AW4IndentMode@2@XZ
?metaObject@ParserRunnable@QJson@@UBEPBUQMetaObject@@XZ
?metaObject@SerializerRunnable@QJson@@UBEPBUQMetaObject@@XZ
?parse@Parser@QJson@@QAE?AVQVariant@@ABVQByteArray@@PA_N@Z
?parse@Parser@QJson@@QAE?AVQVariant@@PAVQIODevice@@PA_N@Z
?parsingFinished@ParserRunnable@QJson@@IAEXABVQVariant@@_NABVQString@@@Z
?parsingFinished@SerializerRunnable@QJson@@IAEXABVQByteArray@@_NABVQString@@@Z
?qobject2qvariant@QObjectHelper@QJson@@SA?AV?$QMap@VQString@@VQVariant@@@@PBVQObject@@ABVQStringList@@@Z
?qt_metacall@ParserRunnable@QJson@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacall@SerializerRunnable@QJson@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@ParserRunnable@QJson@@UAEPAXPBD@Z
?qt_metacast@SerializerRunnable@QJson@@UAEPAXPBD@Z
?qt_static_metacall@ParserRunnable@QJson@@CAXPAVQObject@@W4Call@QMetaObject@@HPAPAX@Z
?qt_static_metacall@SerializerRunnable@QJson@@CAXPAVQObject@@W4Call@QMetaObject@@HPAPAX@Z
?qvariant2qobject@QObjectHelper@QJson@@SAXABV?$QMap@VQString@@VQVariant@@@@PAVQObject@@@Z
?run@ParserRunnable@QJson@@UAEXXZ
?run@SerializerRunnable@QJson@@UAEXXZ
?serialize@Serializer@QJson@@QAE?AVQByteArray@@ABVQVariant@@@Z
?serialize@Serializer@QJson@@QAEXABVQVariant@@PAVQIODevice@@PA_N@Z
?setData@ParserRunnable@QJson@@QAEXABVQByteArray@@@Z
?setDoublePrecision@Serializer@QJson@@QAEXH@Z
?setIndentMode@Serializer@QJson@@QAEXW4IndentMode@2@@Z
?setJsonObject@SerializerRunnable@QJson@@QAEXABVQVariant@@@Z
?specialNumbersAllowed@Parser@QJson@@QBE_NXZ
?specialNumbersAllowed@Serializer@QJson@@QBE_NXZ
?staticMetaObject@ParserRunnable@QJson@@2UQMetaObject@@B
?staticMetaObject@SerializerRunnable@QJson@@2UQMetaObject@@B
?staticMetaObjectExtraData@ParserRunnable@QJson@@0UQMetaObjectExtraData@@B
?staticMetaObjectExtraData@SerializerRunnable@QJson@@0UQMetaObjectExtraData@@B
?tr@ParserRunnable@QJson@@SA?AVQString@@PBD0@Z
?tr@ParserRunnable@QJson@@SA?AVQString@@PBD0H@Z
?tr@SerializerRunnable@QJson@@SA?AVQString@@PBD0@Z
?tr@SerializerRunnable@QJson@@SA?AVQString@@PBD0H@Z
?trUtf8@ParserRunnable@QJson@@SA?AVQString@@PBD0@Z
?trUtf8@ParserRunnable@QJson@@SA?AVQString@@PBD0H@Z
?trUtf8@SerializerRunnable@QJson@@SA?AVQString@@PBD0@Z
?trUtf8@SerializerRunnable@QJson@@SA?AVQString@@PBD0H@Z

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 43KB - Virtual size: 72KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 185KB - Virtual size: 184KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 43KB - Virtual size: 72KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 185KB - Virtual size: 184KB