2024-04-23_31af635667c6f0b8a50ee8ae68ca66b1_ironstealer_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-23_31af635667c6f0b8a50ee8ae68ca66b1_ironstealer_mafia
Size

4.0MB
MD5

31af635667c6f0b8a50ee8ae68ca66b1
SHA1

28845dafb26ab1779829c17ece8d20cbdbe60f06
SHA256

a495fb4d347be895b52c615e450088585cdba6ffe37d10f880e56dd0a4ed152f
SHA512

ed82b71b902b0801821bbf0dbc98ba4a796bc84c3ba6addd4c732d24b7e4d81ae1f7adc85ef74ff41cf8cd16a167edc673f8808852e2ffd2665c61a6d8fbad93
SSDEEP

98304:4sDcG1w2Xh9SLpIWIEE8ZM8BtfbsoItIzbiVpa7RtkymILIZIBOaVlz4SEEy9TGQ:RDcG1w2Xh9SLpIWIEE8ZM8BtfbsoItI+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-23_31af635667c6f0b8a50ee8ae68ca66b1_ironstealer_mafia

Files

2024-04-23_31af635667c6f0b8a50ee8ae68ca66b1_ironstealer_mafia
.exe windows:5 windows x86 arch:x86

159ba8ef6c3a8633f8bf56838dc101fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmNotifyIME
ImmGetOpenStatus
ImmAssociateContext
ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext
ImmGetCandidateListA

ws2_32

WSARecv
freeaddrinfo
WSACleanup
getaddrinfo
WSAStartup
WSASetLastError
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
gethostbyname
inet_ntoa
WSAEnumNetworkEvents
WSAEventSelect
WSACloseEvent
WSACreateEvent
inet_addr
WSASend
WSAAccept
bind
listen
connect
getsockopt
ioctlsocket
setsockopt
closesocket
WSASocketA
WSAGetLastError
getpeername

kernel32

HeapCreate
WaitForSingleObject
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
GetExitCodeThread
DeleteCriticalSection
CloseHandle
CreateFileA
GetFileSize
SetFilePointer
lstrlenA
WriteFile
ReadFile
GetSystemDirectoryA
CopyFileA
GetLocalTime
MoveFileA
DeleteFileA
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GlobalUnlock
SetCurrentDirectoryA
GetLastError
GlobalFree
GetModuleFileNameA
CreateMutexA
GetCurrentDirectoryA
MulDiv
GetFileAttributesA
CreateDirectoryA
GetModuleHandleA
GetCurrentProcessId
GetTickCount
GetVersionExA
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetSystemTime
DeviceIoControl
GetVersion
DuplicateHandle
InterlockedCompareExchange
GetStdHandle
GetSystemTimeAsFileTime
TerminateThread
ResumeThread
SleepEx
ReleaseMutex
CreateEventA
SignalObjectAndWait
SetEvent
QueryPerformanceCounter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
HeapReAlloc
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
GetModuleHandleW
GetModuleFileNameW
GetFileType
WriteConsoleW
RtlUnwind
CreateThread
ExitThread
HeapAlloc
SetEnvironmentVariableA
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetConsoleCP
GetConsoleMode
FlushFileBuffers
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
CreateFileW
SetEndOfFile
GetProcessHeap
CompareStringW
MultiByteToWideChar

user32

UnionRect
SetRectEmpty
OffsetRect
LoadCursorA
CreateWindowExA
MessageBoxA
GetWindow
LoadImageA
GetSystemMetrics
RegisterClassExA
AdjustWindowRectEx
ShowWindow
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
InvalidateRect
ShowCursor
GetUpdateRect
BeginPaint
ScreenToClient
PeekMessageA
MsgWaitForMultipleObjects
ClientToScreen
TranslateMessage
DispatchMessageA
GetKeyState
SetRect
GetFocus
IntersectRect
UpdateWindow
IsRectEmpty
EndPaint
SetCursor
GetWindowRect
PostQuitMessage
FillRect
SetForegroundWindow
LoadIconA
EnumDisplaySettingsA
FindWindowExA
SetFocus
CopyRect

gdi32

DeleteDC
DeleteObject
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
SelectObject
GetTextExtentPoint32A
CreateDIBSection
SetBkMode
SetTextColor
TextOutA
SetDIBitsToDevice
GetStockObject

advapi32

RegCloseKey
CryptGenRandom
RegCreateKeyExA
CryptGetHashParam
CryptReleaseContext
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA

shell32

ShellExecuteA

ole32

CoUninitialize

shlwapi

PathFileExistsA

wininet

InternetConnectA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
HttpQueryInfoA

winmm

timeGetTime

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 213B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

159ba8ef6c3a8633f8bf56838dc101fe

Headers

DLL Characteristics

File Characteristics

Imports

imm32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

wininet

winmm

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 188KB - Virtual size: 188KB

.data Size: 25KB - Virtual size: 48KB

.tls Size: 512B - Virtual size: 213B

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 92KB - Virtual size: 92KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 25KB - Virtual size: 48KB

.tls
Size: 512B - Virtual size: 213B

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 92KB - Virtual size: 92KB