bruteratel | 2024-03-07_4159963f9a9705e8c5d8ad40515138d4_mafia_nionspy

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-07_4159963f9a9705e8c5d8ad40515138d4_mafia_nionspy
Size

6.2MB
MD5

4159963f9a9705e8c5d8ad40515138d4
SHA1

58f2a73be010e8020c9f36264cf7131dc34fcd41
SHA256

e2c8ec3e692eff4f2d24d4621912801313d0b0511e322f9d202f369c8b726c1c
SHA512

96a486896b030b8aabcadc1da6b721bcd7813dbadc8fb1f09581612857f70d00284ab9569e67af22982a8e9b698471b07056513607395add6c09a7a835634c2f
SSDEEP

98304:5lyLS7ByfWY7qKp9jx4O15PhHdKocEVJsv6tWKFdu9CP1hx:5lhY7q2MOjZH4kVJsv6tWKFdu9Cvx

Score

10^/10

bruteratel

Malware Config

Signatures

Bruteratel family
bruteratel

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-03-07_4159963f9a9705e8c5d8ad40515138d4_mafia_nionspy

Files

2024-03-07_4159963f9a9705e8c5d8ad40515138d4_mafia_nionspy
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0Parser@QJson@@QAE@XZ
??0ParserRunnable@QJson@@QAE@PAVQObject@@@Z
??0QObjectHelper@QJson@@QAE@XZ
??0Serializer@QJson@@QAE@XZ
??0SerializerRunnable@QJson@@QAE@PAVQObject@@@Z
??1Parser@QJson@@QAE@XZ
??1ParserRunnable@QJson@@UAE@XZ
??1QObjectHelper@QJson@@QAE@XZ
??1Serializer@QJson@@QAE@XZ
??1SerializerRunnable@QJson@@UAE@XZ
??_7ParserRunnable@QJson@@6BQObject@@@
??_7ParserRunnable@QJson@@6BQRunnable@@@
??_7SerializerRunnable@QJson@@6BQObject@@@
??_7SerializerRunnable@QJson@@6BQRunnable@@@
??_FParserRunnable@QJson@@QAEXXZ
??_FSerializerRunnable@QJson@@QAEXXZ
?allowSpecialNumbers@Parser@QJson@@QAEX_N@Z
?allowSpecialNumbers@Serializer@QJson@@QAEX_N@Z
?errorLine@Parser@QJson@@QBEHXZ
?errorString@Parser@QJson@@QBE?AVQString@@XZ
?indentMode@Serializer@QJson@@QBE?AW4IndentMode@2@XZ
?metaObject@ParserRunnable@QJson@@UBEPBUQMetaObject@@XZ
?metaObject@SerializerRunnable@QJson@@UBEPBUQMetaObject@@XZ
?parse@Parser@QJson@@QAE?AVQVariant@@ABVQByteArray@@PA_N@Z
?parse@Parser@QJson@@QAE?AVQVariant@@PAVQIODevice@@PA_N@Z
?parsingFinished@ParserRunnable@QJson@@IAEXABVQVariant@@_NABVQString@@@Z
?parsingFinished@SerializerRunnable@QJson@@IAEXABVQByteArray@@_NABVQString@@@Z
?qobject2qvariant@QObjectHelper@QJson@@SA?AV?$QMap@VQString@@VQVariant@@@@PBVQObject@@ABVQStringList@@@Z
?qt_metacall@ParserRunnable@QJson@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacall@SerializerRunnable@QJson@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@ParserRunnable@QJson@@UAEPAXPBD@Z
?qt_metacast@SerializerRunnable@QJson@@UAEPAXPBD@Z
?qt_static_metacall@ParserRunnable@QJson@@CAXPAVQObject@@W4Call@QMetaObject@@HPAPAX@Z
?qt_static_metacall@SerializerRunnable@QJson@@CAXPAVQObject@@W4Call@QMetaObject@@HPAPAX@Z
?qvariant2qobject@QObjectHelper@QJson@@SAXABV?$QMap@VQString@@VQVariant@@@@PAVQObject@@@Z
?run@ParserRunnable@QJson@@UAEXXZ
?run@SerializerRunnable@QJson@@UAEXXZ
?serialize@Serializer@QJson@@QAE?AVQByteArray@@ABVQVariant@@@Z
?serialize@Serializer@QJson@@QAEXABVQVariant@@PAVQIODevice@@PA_N@Z
?setData@ParserRunnable@QJson@@QAEXABVQByteArray@@@Z
?setDoublePrecision@Serializer@QJson@@QAEXH@Z
?setIndentMode@Serializer@QJson@@QAEXW4IndentMode@2@@Z
?setJsonObject@SerializerRunnable@QJson@@QAEXABVQVariant@@@Z
?specialNumbersAllowed@Parser@QJson@@QBE_NXZ
?specialNumbersAllowed@Serializer@QJson@@QBE_NXZ
?staticMetaObject@ParserRunnable@QJson@@2UQMetaObject@@B
?staticMetaObject@SerializerRunnable@QJson@@2UQMetaObject@@B
?staticMetaObjectExtraData@ParserRunnable@QJson@@0UQMetaObjectExtraData@@B
?staticMetaObjectExtraData@SerializerRunnable@QJson@@0UQMetaObjectExtraData@@B
?tr@ParserRunnable@QJson@@SA?AVQString@@PBD0@Z
?tr@ParserRunnable@QJson@@SA?AVQString@@PBD0H@Z
?tr@SerializerRunnable@QJson@@SA?AVQString@@PBD0@Z
?tr@SerializerRunnable@QJson@@SA?AVQString@@PBD0H@Z
?trUtf8@ParserRunnable@QJson@@SA?AVQString@@PBD0@Z
?trUtf8@ParserRunnable@QJson@@SA?AVQString@@PBD0H@Z
?trUtf8@SerializerRunnable@QJson@@SA?AVQString@@PBD0@Z
?trUtf8@SerializerRunnable@QJson@@SA?AVQString@@PBD0H@Z

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 43KB - Virtual size: 72KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 185KB - Virtual size: 184KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 43KB - Virtual size: 72KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 185KB - Virtual size: 184KB