2024-06-16_47030edca89055353a4d23283737fc33_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_47030edca89055353a4d23283737fc33_mafia
Size

994KB
MD5

47030edca89055353a4d23283737fc33
SHA1

4283600ffc52203edaf91465d6bcbd011c308a1c
SHA256

b31adeb7f8df2a7db357e0f2edca190d2d82f918dea0e56b9b2da866e04de145
SHA512

b3e1962434b2de5ea73dbb87895b1b411aff73026a93b6a35fc62f257f79453249df41f7f228ec0322c89a0abd143d3738d4c348d29860d603e7468dc7fd5604
SSDEEP

24576:1iTdytM39Plk8+z1Z/BzRTDQWS+yo4DaKyqbLaTPuZAOXmJ:PtMNWJZ/BzRTsWS+y7aKytT2ZAOXq

Score

1^/10

Malware Config

Signatures

Files

2024-06-16_47030edca89055353a4d23283737fc33_mafia
.exe windows:5 windows x86 arch:x86

39005439c77965198800cc3589aedcbb

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/12/2023, 17:00

Not After

09/10/2026, 07:40

Subject

CN=ZOHO Corporation Private Limited,O=ZOHO Corporation Private Limited,L=Chennai,ST=Tamil Nadu,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:47:6d:3d:b5:62:74:ea:4f:37:86:51:17:b6:58:2b:db:d0:29:53:1f:a9:00:02:cd:da:50:8d:dd:ea:82:53
Signer

Actual PE Digest

b9:47:6d:3d:b5:62:74:ea:4f:37:86:51:17:b6:58:2b:db:d0:29:53:1f:a9:00:02:cd:da:50:8d:dd:ea:82:53

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Webhost\27-03-2024\WindowsBuilds\DC_NATIVE\8057792\desktopcentral\ONPREMISE\SA_SRC\native\agent\Release\dcwol.pdb

Imports

wsock32

closesocket
socket
WSACleanup
sendto
setsockopt
htons
WSAStartup
ioctlsocket
WSAGetLastError

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSEnumerateSessionsA

netapi32

NetApiBufferFree
NetGetJoinInformation
DsGetDcNameA

iphlpapi

GetAdaptersInfo

winhttp

WinHttpSendRequest
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpOpen
WinHttpReceiveResponse
WinHttpSetOption
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpQueryOption
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpConnect

dcagenthttp

AgentSendRequestEx

userenv

LoadUserProfileA
CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile

crypt32

CertEnumCertificatesInStore
CertVerifyTimeValidity
CertNameToStrW
CertFreeCertificateContext
CertGetNameStringA
CertFindCertificateInStore
CryptStringToBinaryA
CertCreateCertificateContext
CertCloseStore
CertAddCertificateContextToStore
CertOpenStore
PFXImportCertStore
PFXVerifyPassword
CertDeleteCertificateFromStore

dclibxml2

xmlFreeDoc
xmlDocGetRootElement
xmlParseFile
xmlCleanupParser
xmlFree
xmlNodeListGetString
xmlTextReaderGetAttribute
xmlTextReaderAttributeCount
xmlTextReaderValue
xmlTextReaderDepth
xmlTextReaderName
xmlTextReaderRead
xmlFreeTextReader
xmlStrcmp
xmlNewTextReaderFilename
xmlParseMemory

odbc32

ord16
ord12
ord19
ord2
ord41
ord9
ord1
ord20
ord36
ord29
ord39
ord43
ord11
ord18
ord8
ord4
ord13
ord26
ord72
ord48
ord49
ord3
ord31

advapi32

LookupPrivilegeNameA
GetTokenInformation
LookupAccountSidA
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegOpenKeyA
RegEnumKeyA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
LookupPrivilegeValueA
CreateProcessAsUserW
LogonUserA
CreateProcessAsUserA
OpenProcessToken
RegDeleteKeyA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptCreateHash
CryptHashData
CryptDestroyHash
ImpersonateLoggedOnUser
RevertToSelf
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
CloseServiceHandle
ControlService
CryptAcquireContextA
CryptGetUserKey
CryptGenKey
CryptReleaseContext
CryptDestroyKey
CryptGetHashParam

shlwapi

PathFindExtensionA
StrTrimA
StrStrIA

shell32

SHCreateDirectoryExA
SHCreateDirectoryExW

kernel32

QueryPerformanceCounter
LocalAlloc
GetFullPathNameA
GetFileAttributesExA
ResumeThread
SuspendThread
lstrcmpW
DisconnectNamedPipe
GetSystemDirectoryA
FileTimeToLocalFileTime
GetCurrentDirectoryW
SetLastError
ProcessIdToSessionId
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineW
HeapSetInformation
RtlUnwind
HeapFree
GetFileInformationByHandle
PeekNamedPipe
GetFileType
LocalLock
MoveFileExA
InterlockedIncrement
InterlockedExchange
HeapAlloc
GetStringTypeW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoW
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
GetDriveTypeA
FindFirstFileExA
ExitThread
GetCPInfo
GetModuleHandleW
ExitProcess
CompareStringW
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
SetHandleCount
GetStdHandle
GetStartupInfoW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetStdHandle
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
WriteConsoleW
GetDriveTypeW
VirtualQuery
LocalUnlock
GetLastError
SetCurrentDirectoryW
SetFilePointer
CreateNamedPipeA
ConnectNamedPipe
GetModuleFileNameA
LoadLibraryW
CreateFileW
CopyFileW
GetCurrentProcessId
CreateDirectoryW
FlushFileBuffers
DeleteFileW
lstrlenA
GlobalAlloc
GlobalFree
FormatMessageW
FormatMessageA
LocalFree
GetComputerNameExW
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
Sleep
SizeofResource
MultiByteToWideChar
SetEnvironmentVariableA
LockResource
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetCurrentProcess
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA
CloseHandle
GetFileSize
CreateFileA
RemoveDirectoryA
FindClose
DeleteFileA
FindNextFileA
FindFirstFileA
GetTickCount
ReadFile
WriteFile
SetDllDirectoryA
InterlockedDecrement
SystemTimeToFileTime
ReleaseMutex
WaitForSingleObject
CreateMutexA
DeleteTimerQueue
CreateTimerQueue
CopyFileA
GetFileSizeEx
CreateTimerQueueTimer
CreateDirectoryA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetLocalTime
GetSystemTime
GetEnvironmentVariableA
GetLocaleInfoA
FreeLibrary
CreateProcessA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateThread
GetSystemInfo
FindFirstFileW
lstrlenW
GetCurrentThreadId

user32

MessageBoxA
wsprintfW

ole32

CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantClear
VariantInit
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString

Sections

.text
Size: 696KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39005439c77965198800cc3589aedcbb

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b9:47:6d:3d:b5:62:74:ea:4f:37:86:51:17:b6:58:2b:db:d0:29:53:1f:a9:00:02:cd:da:50:8d:dd:ea:82:53Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

wtsapi32

netapi32

iphlpapi

winhttp

dcagenthttp

userenv

crypt32

dclibxml2

odbc32

advapi32

shlwapi

shell32

kernel32

user32

ole32

oleaut32

Sections

.text Size: 696KB - Virtual size: 695KB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 51KB - Virtual size: 61KB

.rsrc Size: 512B - Virtual size: 504B

.reloc Size: 67KB - Virtual size: 66KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b9:47:6d:3d:b5:62:74:ea:4f:37:86:51:17:b6:58:2b:db:d0:29:53:1f:a9:00:02:cd:da:50:8d:dd:ea:82:53
Signer

.text
Size: 696KB - Virtual size: 695KB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 51KB - Virtual size: 61KB

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 67KB - Virtual size: 66KB