2024-04-11_a48116cdb51bfdd56010921aebbf3524_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-11_a48116cdb51bfdd56010921aebbf3524_mafia
Size

1.7MB
MD5

a48116cdb51bfdd56010921aebbf3524
SHA1

b1b3e63302350f0034a0bd76e92f7ca4d21c6d64
SHA256

418e3666f07e3bd7ada177f7cb0e23d17fce60b041a26ca3aa65d6e6b22e6994
SHA512

266944e4729a999d0a0f0013f759cb36a8dad96be49460a43133eed402d0d6b0fab3bddb1f61c2ed6c04e31666aebf09816c407fa48a6dcd875686db513979a1
SSDEEP

49152:E7ucjwnXVSVHwsTko8BCJ+N9pC53KL7wN5vPZc/iotxgzTJ0yDQnTECL:MjaVSVHwsmCJ+PpC53KLUNhPZwtxgzTv

Score

10^/10

Malware Config

Signatures

Detects executables calling ClearMyTracksByProcess 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_ClearMyTracksByProcess

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-11_a48116cdb51bfdd56010921aebbf3524_mafia

Files

2024-04-11_a48116cdb51bfdd56010921aebbf3524_mafia
.exe windows:5 windows x86 arch:x86

8f3e13b4b146b03debe834735d976007

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetOEMCP
IsValidCodePage
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeW
GetTimeZoneInformation
LCMapStringW
GetCPInfo
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetFileSize
lstrlenA
GetStdHandle
IsDebuggerPresent
GetConsoleCP
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetLocalTime
lstrcatA
ReadFile
VirtualAlloc
GetFileAttributesA
GetEnvironmentVariableA
MultiByteToWideChar
GetModuleFileNameA
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
WinExec
GetLastError
GetCurrentProcess
lstrcpyA
TerminateThread
GlobalAlloc
GlobalUnlock
GlobalLock
CreateThread
LocalFree
LocalSize
LocalAlloc
GetPrivateProfileStringA
InterlockedExchange
GetTickCount
DeleteFileA
GetProcAddress
LoadLibraryA
WaitForSingleObject
SetEvent
HeapAlloc
GetProcessHeap
InterlockedDecrement
CreateEventA
lstrcmpiA
GetCurrentThreadId
GetModuleHandleA
FreeLibrary
LoadLibraryW
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
ExitThread
VirtualQuery
HeapReAlloc
HeapFree
RaiseException
DecodePointer
RtlUnwind
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
GetCurrentDirectoryW
lstrcpyW
FreeResource
GlobalFindAtomW
GetVersionExW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
GlobalDeleteAtom
GetUserDefaultUILanguage
GetLocaleInfoW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
CreateFileW
lstrcmpiW
GlobalAddAtomW
GlobalFlags
lstrcmpW
FileTimeToSystemTime
lstrcmpA
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
CompareStringW
GetModuleFileNameW
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
InterlockedIncrement
GetModuleHandleW
WideCharToMultiByte
SetLastError
GlobalFree
CopyFileW
GlobalSize
FormatMessageW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
MulDiv
ResetEvent
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetCurrentProcessId
OutputDebugStringA
ExitProcess
GetShortPathNameA
SetFileAttributesA
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
ResumeThread
SetUnhandledExceptionFilter
SetErrorMode
GetVersionExA
GetSystemInfo
Sleep

user32

PostThreadMessageW
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExW
IsCharLowerW
GetKeyNameTextW
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
DrawEdge
DrawStateW
GetSystemMenu
LoadMenuW
SetClassLongW
WindowFromPoint
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
GetNextDlgGroupItem
LoadImageW
CopyImage
GetIconInfo
OffsetRect
MessageBeep
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
ReleaseCapture
SetCapture
MapVirtualKeyW
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
IntersectRect
DestroyMenu
GetMenuItemInfoW
InflateRect
KillTimer
SetTimer
InvalidateRect
DeleteMenu
ShowOwnedPopups
SetCursor
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
WaitMessage
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
wsprintfA
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
SetForegroundWindow
IsIconic
PostMessageW
SetWindowPos
MoveWindow
SetWindowLongW
IsWindow
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
SetWindowsHookExW
CallNextHookEx
GetMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetWindowRgn
MessageBoxA
UnpackDDElParam
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData
OpenClipboard
ShowWindow
DestroyCursor
DrawIcon
MapDialogRect
SubtractRect
GetCapture
GetDoubleClickTime
FindWindowA
CloseDesktop
SetThreadDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenInputDesktop
OpenDesktopA
GetClassNameA
GetWindow
SetProcessWindowStation
OpenWindowStationA
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorW
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
PtInRect
GetClassNameW
GetWindowRect
GetDlgCtrlID
ClientToScreen
RealChildWindowFromPoint
GetDesktopWindow
GetFocus
DestroyIcon
CharUpperW
ValidateRect
GetCursorPos
PeekMessageW
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage

gdi32

BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBitmap
CreateFontIndirectW
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetTextExtentPoint32W
SetRectRgn
CombineRgn
PatBlt
DPtoLP
GetBkColor
GetWindowExtEx
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
GetDeviceCaps
DeleteObject
CreateDCW
CopyMetaFileW
CreatePalette

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

comdlg32

GetFileTitleW

advapi32

RegSetValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
GetUserNameA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderW
ShellExecuteExA
SHGetKnownFolderPath
ShellExecuteA
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetSpecialFolderPathA
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder

ole32

CreateStreamOnHGlobal
CoInitializeEx
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
DoDragDrop
CoCreateInstance
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
ReleaseStgMedium
CoInitialize

oleaut32

VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
VarBstrFromDate
SysAllocString
VariantClear
VariantInit
SysFreeString

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathStripPathA

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA

iphlpapi

GetIfTable

ws2_32

gethostname
WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
closesocket
shutdown
WSAGetLastError
send
getsockname

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipSetInterpolationMode
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdipDrawImageI

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f3e13b4b146b03debe834735d976007

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

imm32

wininet

iphlpapi

ws2_32

oleacc

gdiplus

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 293KB - Virtual size: 292KB

.data Size: 27KB - Virtual size: 62KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 167KB - Virtual size: 166KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 293KB - Virtual size: 292KB

.data
Size: 27KB - Virtual size: 62KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 167KB - Virtual size: 166KB