mirai | Desktop[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Desktop.rar
Size

1.2MB
MD5

5949c4453beb3c797b69b975108dd038
SHA1

8fea051115bddf3145ab931cc1b87116716b7d55
SHA256

101709ca246d0ef5a9dad2f4fcaadc6325f122563636e340ebe692f5c3c7f371
SHA512

b2c5ec567cb0706556d37c4d383f9fc07e23830c3942169e7f028faf46cb78e7c2b3bd64e228e44648aa14f285432315c7d4179f9724eef0a03b871b2ef1cfc5
SSDEEP

24576:BeT08n0CGcYZb11ehW1CIzWWC/NsBeNhEXaHzxf6Ay6/SMz5wvXm2+yljdVXb3m:IQ80CGcYxsLIzWWYsBHatfh/b1cmRyZa

Score

10^/10

mirai

Malware Config

Signatures

Mirai family
mirai

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/29d7ce5a27c3b1f26db84d5c6e0ae0899c3bf7bc1c345ac89cfb38c7e7baba53
unpack001/bec046135e9d128cf6021e387a8d8b7aab1f703b44564b53c54e422da2cf5bbe
unpack001/bf71b1cf3516a2ad02efdda83c6f902e7139db69c1035a7e653ed09f5d27cbbc
unpack001/e270915d93536de8953dcf4001c4aa95e9b3c3ead079dbde425d65e1f7237efa

Files

Desktop.rar
.rar
29d7ce5a27c3b1f26db84d5c6e0ae0899c3bf7bc1c345ac89cfb38c7e7baba53
.exe windows:5 windows x86 arch:x86

46ad3d954e527f769e37017b3e128039

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetLastError
FindClose
LocalAlloc
GetLogicalDriveStringsW
LocalFree
CreateThread
ExpandEnvironmentStringsW
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
CreateProcessW
SetFilePointer
GetDriveTypeW
FindFirstFileW
CreateMutexW
GetFileSize
GetEnvironmentVariableW
FindNextFileW
ExitProcess
GetConsoleCP
GetCommandLineW
IsProcessorFeaturePresent
SetLastError
GetCurrentThreadId
EncodePointer
DecodePointer
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
LoadLibraryExW
RtlUnwind
OutputDebugStringW
HeapAlloc
HeapReAlloc
GetStringTypeW
HeapSize
LCMapStringW
CloseHandle

user32

wsprintfW

advapi32

RegCloseKey
CryptGenRandom
RegCreateKeyW
CryptAcquireContextW
RegSetValueExW

ntdll

RtlAdjustPrivilege
NtDelayExecution
NtClose

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5826edef54998a8812124bbddc1942c9ff42992bdd1d5dd3395df71b7bb4c709
.rar
AWB20240425-GW036A.vbs
.vbs
7cd4bfb3b0e27989012024605cc453dbc8a226b413d84e2560ae4af70d0dc238
.elf linux x86
bec046135e9d128cf6021e387a8d8b7aab1f703b44564b53c54e422da2cf5bbe
.exe windows:5 windows x86 arch:x86

6dca3e9fb3928bbdb54dbce669943ec8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetComputerNameW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetProcAddress
LoadLibraryW
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
WideCharToMultiByte
MoveFileW
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
MoveFileExW
lstrlenW
CreateFileW
GetFileSize
ReadFile
WriteFile
Sleep
GetComputerNameA
GetModuleFileNameW
CreateProcessW
GetSystemTime
FileTimeToLocalFileTime
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalAlloc
SetEndOfFile
SetStdHandle
WriteConsoleW
FreeLibrary
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCurrentThreadId
RtlUnwind
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW

ole32

CoCreateInstance
CoInitialize

shlwapi

PathIsRootW
PathFileExistsW
PathAppendW
PathAddExtensionW
PathRemoveExtensionW

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bf71b1cf3516a2ad02efdda83c6f902e7139db69c1035a7e653ed09f5d27cbbc
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e270915d93536de8953dcf4001c4aa95e9b3c3ead079dbde425d65e1f7237efa
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

46ad3d954e527f769e37017b3e128039

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 12KB

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

6dca3e9fb3928bbdb54dbce669943ec8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

shlwapi

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 184KB - Virtual size: 206KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 10KB - Virtual size: 10KB

Headers

File Characteristics

Sections

.text Size: 116KB - Virtual size: 116KB

.rsrc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

.text Size: 130KB - Virtual size: 130KB

.rsrc Size: 512B - Virtual size: 512B

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 12KB

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 184KB - Virtual size: 206KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 116KB - Virtual size: 116KB

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 130KB - Virtual size: 130KB

.rsrc
Size: 512B - Virtual size: 512B