Behavioral task
behavioral1
Sample
2024-05-25_b755585442762f612c639bb632fe2849_mafia.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2024-05-25_b755585442762f612c639bb632fe2849_mafia.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-05-25_b755585442762f612c639bb632fe2849_mafia
-
Size
325KB
-
MD5
b755585442762f612c639bb632fe2849
-
SHA1
d49fca29ecfef197692b2b3bb4044da755991938
-
SHA256
8ad2a280549654595ac12f9edffe388e30de1dc0519d2776f2e3073f80b2e171
-
SHA512
1ca53ed458d607fbfbf88f6b947aaaa488e8e5751e6a39d6b5af82ae5523468dcea0b5652f272e8f0b7910e0425e72d267aad6613519b2f8c5eaf820ae740728
-
SSDEEP
6144:Sqp6sa5DRt6hcI5qsAx9YBsv1qTYrPU0VNcvwCM:SqpDa5rAqsoCsv1qTYrB0vtM
Malware Config
Signatures
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
Processes:
resource yara_rule sample INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs -
Vidar family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2024-05-25_b755585442762f612c639bb632fe2849_mafia
Files
-
2024-05-25_b755585442762f612c639bb632fe2849_mafia.exe windows:5 windows x86 arch:x86
7d5f144cebb6b682277beb2bf08fbd99
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcessHeap
VirtualProtect
GetProcAddress
LoadLibraryA
GetLogicalProcessorInformationEx
FindFirstFileW
HeapAlloc
FindNextFileW
CloseHandle
Sleep
SetEndOfFile
lstrlenA
CreateFileW
CreateFileA
WriteConsoleW
SetStdHandle
LoadLibraryW
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
ExitProcess
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoW
ole32
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
oleaut32
VariantInit
VariantClear
SysAllocString
SysFreeString
crypt32
CryptStringToBinaryA
Sections
.text Size: 243KB - Virtual size: 242KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ