2024-06-08_86e1c4d82695056724a22d5905fb2a3e_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-08_86e1c4d82695056724a22d5905fb2a3e_mafia
Size

1.6MB
MD5

86e1c4d82695056724a22d5905fb2a3e
SHA1

93900a5f052faec77803a97f280d4ddd8247a191
SHA256

b9d8bd45fe792dd92b117a3eff688c9040d80fc2bd172069fa1759ff7855dd0b
SHA512

9b57d0b6d98734d9e4e1d12e74b76f1d88d8eec8c57942a78bb11c543151f73073f2c605a2ed1992f888ddc05e614431a1fbec51f5be69419a77d1b845b83ec8
SSDEEP

49152:itNmZy5Amc5K1mmUxa/rHmphel2gymk3J8o2CpRxPGkcWeoFCQ69Ki23wTsd:E5U5K1mmUxaqphe0gymk3e9qjcWeqY9+

Score

10^/10

Malware Config

Signatures

Detects executables calling ClearMyTracksByProcess 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_ClearMyTracksByProcess

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-08_86e1c4d82695056724a22d5905fb2a3e_mafia

Files

2024-06-08_86e1c4d82695056724a22d5905fb2a3e_mafia
.exe windows:5 windows x86 arch:x86

aac0eff963335d99578422c73ca11d15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeW
GetTimeZoneInformation
LCMapStringW
GetStdHandle
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
CloseHandle
WriteFile
SetFilePointer
CreateFileA
GetFileSize
lstrlenA
IsDebuggerPresent
UnhandledExceptionFilter
GetConsoleCP
IsProcessorFeaturePresent
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitThread
GetModuleFileNameA
GetSystemDirectoryA
GetLocalTime
ReadFile
GetEnvironmentVariableA
MultiByteToWideChar
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
WinExec
GetLastError
GetCurrentProcess
lstrcpyA
TerminateThread
GetFileAttributesA
lstrcatA
GetTickCount
DeleteFileA
GetProcAddress
LoadLibraryA
VirtualAlloc
GlobalAlloc
GlobalUnlock
GlobalLock
CreateThread
InterlockedExchange
LocalFree
LocalSize
LocalAlloc
GetPrivateProfileStringA
WaitForSingleObject
SetEvent
HeapAlloc
GetProcessHeap
InterlockedDecrement
lstrcmpiA
GetCurrentThreadId
CreateEventA
GetModuleHandleA
FreeLibrary
LoadLibraryW
GetDiskFreeSpaceExA
GetDriveTypeA
VirtualQuery
HeapReAlloc
HeapFree
RaiseException
DecodePointer
RtlUnwind
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
GetCurrentDirectoryW
lstrcpyW
FreeResource
GlobalFindAtomW
GetVersionExW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
GlobalDeleteAtom
GetUserDefaultUILanguage
GetLocaleInfoW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
CreateFileW
lstrcmpiW
GlobalAddAtomW
GlobalFlags
lstrcmpW
FileTimeToSystemTime
lstrcmpA
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
CompareStringW
GetModuleFileNameW
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
InterlockedIncrement
GetModuleHandleW
WideCharToMultiByte
SetLastError
GlobalFree
CopyFileW
GlobalSize
FormatMessageW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
MulDiv
ResetEvent
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateMutexA
GetCurrentProcessId
OutputDebugStringA
ExitProcess
SetPriorityClass
SetThreadPriority
ResumeThread
SetUnhandledExceptionFilter
SetErrorMode
GetVersionExA
GetSystemInfo
GlobalMemoryStatusEx
Sleep

user32

PostThreadMessageW
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExW
IsCharLowerW
GetKeyNameTextW
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
DrawEdge
DrawStateW
GetSystemMenu
LoadMenuW
SetClassLongW
WindowFromPoint
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
GetNextDlgGroupItem
LoadImageW
CopyImage
GetIconInfo
OffsetRect
MessageBeep
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
ReleaseCapture
SetCapture
MapVirtualKeyW
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
IntersectRect
DestroyMenu
GetMenuItemInfoW
InflateRect
KillTimer
SetTimer
InvalidateRect
DeleteMenu
ShowOwnedPopups
SetCursor
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
WaitMessage
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
wsprintfA
GetWindowTextA
GetForegroundWindow
MessageBoxA
GetKeyState
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
SetForegroundWindow
IsIconic
PostMessageW
SetWindowPos
MoveWindow
SetWindowLongW
IsWindow
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
SetWindowsHookExW
CallNextHookEx
GetMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetWindowRgn
GetAsyncKeyState
ReuseDDElParam
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData
OpenClipboard
ShowWindow
DestroyCursor
DrawIcon
MapDialogRect
SubtractRect
GetCapture
GetDoubleClickTime
FindWindowA
CloseDesktop
SetThreadDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenInputDesktop
OpenDesktopA
GetClassNameA
GetWindow
SetProcessWindowStation
OpenWindowStationA
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorW
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
PtInRect
GetClassNameW
GetWindowRect
GetDlgCtrlID
ClientToScreen
RealChildWindowFromPoint
GetDesktopWindow
GetFocus
DestroyIcon
CharUpperW
ValidateRect
GetCursorPos
PeekMessageW
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage

gdi32

BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBitmap
CreateFontIndirectW
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetTextExtentPoint32W
SetRectRgn
CombineRgn
PatBlt
DPtoLP
GetBkColor
GetWindowExtEx
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
DeleteObject
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreatePalette

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

comdlg32

GetFileTitleW

advapi32

RegSetValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
GetUserNameA
RegOpenKeyA
RegQueryValueExA

shell32

SHBrowseForFolderW
ShellExecuteExA
ShellExecuteA
SHGetKnownFolderPath
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetSpecialFolderPathA
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder

ole32

CreateStreamOnHGlobal
CoInitializeEx
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
DoDragDrop
CoCreateInstance
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
ReleaseStgMedium
CoInitialize

oleaut32

VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
VarBstrFromDate
SysAllocString
VariantInit
SysFreeString
VariantClear

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathStripPathA

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

iphlpapi

GetIfTable

ws2_32

gethostname
WSAStartup
closesocket
shutdown
send
WSACleanup
WSAGetLastError
recv
select
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
getsockname

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipSetInterpolationMode
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdipDrawImageI

winmm

PlaySoundW

Exports

Exports

pcap_breakloop
pcap_close
pcap_compile
pcap_datalink
pcap_findalldevs
pcap_freealldevs
pcap_loop
pcap_open_live
pcap_setfilter

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aac0eff963335d99578422c73ca11d15

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

imm32

iphlpapi

ws2_32

oleacc

gdiplus

winmm

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 287KB - Virtual size: 287KB

.data Size: 28KB - Virtual size: 65KB

.reloc Size: 166KB - Virtual size: 166KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 287KB - Virtual size: 287KB

.data
Size: 28KB - Virtual size: 65KB

.reloc
Size: 166KB - Virtual size: 166KB