2024-06-16_d66c66831b9570bccf108f91b04f454d_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_d66c66831b9570bccf108f91b04f454d_mafia
Size

3.7MB
MD5

d66c66831b9570bccf108f91b04f454d
SHA1

56bb6b140a3ca9db89cf9836afe3cb4a4ef857a7
SHA256

508516a0492ef9183f725c3096dac643070c2d43274e69dbc4a5eac0218fd2b8
SHA512

400d7cd2f72a58bf7881b1157664c8ef4408c9c2713a3c495eaceb9324c04eb8cd82ca0f8539559ae630322b8aa1022f95cda6e26ad38913e9454b6aab855124
SSDEEP

49152:rAh3qaVvOioCBA64X11P0bD/+YD6NlhnPHghwbj8wm8PF5hW73JwoPgZVZbuzhzv:01qkJZ4X/sbD/6PHg6bjskFf5oPgZV2

Score

10^/10

Malware Config

Signatures

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-16_d66c66831b9570bccf108f91b04f454d_mafia

Files

2024-06-16_d66c66831b9570bccf108f91b04f454d_mafia
.exe windows:5 windows x86 arch:x86

14d39bf913e4aed9f3d82f4f0fc07383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\Piriform\CCleaner\trunk\bin\CCleaner\Release\CCleaner.pdb

Imports

rpcrt4

UuidFromStringA

kernel32

RtlCaptureContext
SetUnhandledExceptionFilter
VirtualQueryEx
TerminateThread
ReleaseSemaphore
CreateSemaphoreW
ResumeThread
CreateThread
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
WaitForMultipleObjects
GetTimeFormatA
SetEnvironmentVariableA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
FlushFileBuffers
GetOEMCP
GetACP
HeapCreate
GetStdHandle
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
ExitThread
GetLogicalDrives
HeapSetInformation
CreateWaitableTimerA
SetWaitableTimer
TlsSetValue
OpenEventA
TlsGetValue
TlsFree
TlsAlloc
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
BackupSeek
BackupRead
GetCompressedFileSizeW
SetFilePointerEx
DeviceIoControl
LocalAlloc
SetFileTime
DeleteFileA
AreFileApisANSI
GetTempPathA
GetCurrentProcessId
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingW
GetDiskFreeSpaceW
LockFileEx
GetFileAttributesA
FormatMessageA
UnlockFileEx
GetTickCount
LockFile
UnlockFile
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
CreateFileA
GetFullPathNameA
lstrcmpA
SetProcessWorkingSetSize
SetEndOfFile
lstrlenA
MoveFileExW
SystemTimeToFileTime
GetSystemTime
MoveFileW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
QueryPerformanceCounter
QueryPerformanceFrequency
MulDiv
GetCommandLineW
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
SetThreadPriority
CopyFileW
GetTempFileNameW
GetTempPathW
RemoveDirectoryW
SetFileAttributesW
GetVolumeInformationW
GetDriveTypeW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetShortPathNameW
IsBadStringPtrW
GetEnvironmentVariableW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeLibrary
InterlockedExchange
GetLastError
SetLastError
RaiseException
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
LoadResource
LockResource
SizeofResource
CreateEventA
CloseHandle
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetCurrentThread
SetErrorMode
FindNextFileW
FindFirstFileW
GetFullPathNameW
FindClose
GetUserDefaultLangID
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
GetLocaleInfoW
GetSystemTimeAsFileTime
OutputDebugStringA
InitializeCriticalSection
GetLocalTime
GetModuleFileNameA
VerifyVersionInfoW
VerSetConditionMask
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
LoadLibraryA
GetModuleHandleA
Sleep
GetProcessTimes
SetFilePointer
GetFileSize
ReadFile
GlobalAlloc
GlobalUnlock
GlobalLock
GetVersion
LocalFree
ExitProcess
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
ResetEvent
SetEvent
OpenProcess
TerminateProcess
WaitForSingleObject
FlushInstructionCache
GetCurrentProcess
GetDateFormatA

user32

EmptyClipboard
EnumDisplaySettingsW
SendMessageTimeoutW
ExitWindowsEx
GetWindowThreadProcessId
UnregisterClassW
CharLowerW
CharLowerA
GetDlgItemTextW
SetRect
GetActiveWindow
SetFocus
IsIconic
EnumWindows
SetForegroundWindow
OpenIcon
IsWindowVisible
ShowWindow
EndDialog
GetDlgItem
MapWindowPoints
GetClientRect
GetDesktopWindow
GetWindow
GetParent
SetWindowPos
UnregisterClassA
GetWindowRect
SetClipboardData
LoadBitmapW
WaitForInputIdle
MonitorFromWindow
GetMonitorInfoW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetMenuItemID
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetForegroundWindow
GetDlgItemInt
GetNextDlgTabItem
CloseClipboard
OpenClipboard
IsDlgButtonChecked
SetMenuDefaultItem
InvalidateRect
BeginPaint
EndPaint
SetActiveWindow
LockWindowUpdate
PostQuitMessage
IsZoomed
GetComboBoxInfo
AdjustWindowRectEx
GetMenu
SetScrollPos
GetScrollInfo
ScrollWindowEx
SetScrollInfo
GetScrollPos
GetMessagePos
IsChild
ChildWindowFromPoint
GetCapture
SetCapture
SetRectEmpty
SetCursorPos
TrackPopupMenu
DestroyMenu
GetCursorPos
CreatePopupMenu
EnableMenuItem
GetSystemMenu
BringWindowToTop
UpdateWindow
GetDlgCtrlID
KillTimer
SetTimer
IsWindowEnabled
DispatchMessageA
GetMessageA
MsgWaitForMultipleObjects
GetSysColorBrush
MoveWindow
DestroyWindow
TranslateMessage
DrawEdge
DrawFocusRect
FrameRect
FillRect
ScreenToClient
GetDC
CopyRect
GetFocus
GetKeyState
GetSysColor
GetIconInfo
IsWindow
DestroyCursor
DestroyIcon
OffsetRect
InflateRect
ReleaseDC
GetWindowDC
SetCursor
PtInRect
ReleaseCapture
WindowFromPoint
ClientToScreen
RedrawWindow
DrawTextExW

gdi32

DeleteObject
DeleteDC
SelectObject
BitBlt
CreateCompatibleDC
CreateDIBSection
StretchBlt
GetDIBColorTable
SetViewportOrgEx
CreateCompatibleBitmap
SetBkMode
SetTextColor
CreateSolidBrush
CreatePen
SetBkColor
GetClipRgn
SelectClipRgn
ExcludeClipRect
MoveToEx
LineTo
BeginPath
EndPath
StrokeAndFillPath
CreateRectRgnIndirect
CombineRgn
CreateRectRgn
GetStockObject
GetDeviceCaps
SaveDC
RestoreDC
PatBlt
CreateBitmap
CreatePatternBrush
GetClipBox
Ellipse
PolylineTo

advapi32

CryptAcquireContextA
CloseEventLog
EqualSid
OpenThreadToken
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetTokenInformation
OpenProcessToken
RegCloseKey
CryptReleaseContext
CryptGenRandom
LookupAccountSidW
GetLengthSid
CopySid
LookupAccountNameW
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetFileSecurityW
DuplicateToken
MapGenericMask
AccessCheck
RegEnumValueW
RegNotifyChangeKeyValue
RegLoadKeyW
RegUnLoadKeyW
LookupPrivilegeNameW
OpenEventLogW
ClearEventLogW
FreeSid

ole32

CLSIDFromString
CoUninitialize
CoInitialize
PropVariantClear
CoInitializeEx
CoSetProxyBlanket
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleDuplicateData
ReleaseStgMedium
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeSecurity

oleaut32

VarBstrFromR8
VariantInit
VariantClear
SysAllocStringLen
VariantTimeToSystemTime
VariantChangeType
SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr

shlwapi

StrRetToStrW
PathFindFileNameW
PathCreateFromUrlW
PathIsURLW
PathIsRelativeW
PathIsUNCW
PathStripPathA
PathUnquoteSpacesW
PathRemoveArgsW
PathFindExtensionW
PathStripPathW
SHStrDupW
PathCombineW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveExtensionW
PathAddExtensionW
PathStripToRootW
PathSkipRootW
PathRemoveBackslashW
PathGetDriveNumberW
PathCompactPathW
PathIsDirectoryW
PathFileExistsW
PathAppendW
PathMatchSpecW
PathIsDirectoryEmptyW

comctl32

ImageList_GetIcon
ImageList_Draw
_TrackMouseEvent
ImageList_SetImageCount
ImageList_LoadImageW
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
InitCommonControlsEx
ImageList_Remove
ImageList_GetImageInfo
ImageList_Replace
ImageList_Duplicate
ImageList_SetIconSize
ImageList_GetIconSize

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

netapi32

NetApiBufferFree
NetLocalGroupGetMembers

crypt32

CertCloseStore
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptQueryObject
CryptMsgClose
CryptDecodeObject
CryptMsgGetParam

wintrust

WinVerifyTrust

esent

JetCloseTable
JetCloseDatabase
JetEndSession
JetSetSystemParameter
JetGetDatabaseFileInfo
JetCreateInstance2
JetInit2
JetBeginSession
JetCreateDatabase2
JetAttachDatabase2
JetOpenDatabase
JetOpenTable
JetSetCurrentIndex4
JetMove
JetEnumerateColumns
JetBeginTransaction
JetDelete
JetCommitTransaction
JetRollback
JetDeleteTable
JetTerm2

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 635KB - Virtual size: 635KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14d39bf913e4aed9f3d82f4f0fc07383

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

comctl32

wtsapi32

netapi32

crypt32

wintrust

esent

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 635KB - Virtual size: 635KB

.data Size: 172KB - Virtual size: 194KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 517KB - Virtual size: 517KB

.reloc Size: 215KB - Virtual size: 214KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 635KB - Virtual size: 635KB

.data
Size: 172KB - Virtual size: 194KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 517KB - Virtual size: 517KB

.reloc
Size: 215KB - Virtual size: 214KB