H:\Piriform\CCleaner\branches\v5.22\bin\CCleaner\Release\CCleaner.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-06-30_1d7ecebf9f69b33ac14c5d3e66936f8a_mafia.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 2024-06-30_1d7ecebf9f69b33ac14c5d3e66936f8a_mafia.exe
- Resource: win10v2004-20240508-en
General
- Target: 2024-06-30_1d7ecebf9f69b33ac14c5d3e66936f8a_mafia
- Size: 7.0MB
- MD5: 1d7ecebf9f69b33ac14c5d3e66936f8a
- SHA1: 9a93ae3c705734962522b26de191f3122ae2486b
- SHA256: 07d14eecbd23f8159c4593075e9c90e6aec2d58b0ff5a956c03d619db2a8cd4c
- SHA512: 60650879016f9fa560a6296a10edb07b3f9bbed8b4354c7c700221bf9f29c54058aa867b590351b1dfec0c9ed1b8ab8caaaf3d2f14a1133a3d4c1ccac929614f
- SSDEEP: 98304:DDz+jeReeAhCyJHDJQv8kVH0WUjqqTnYRoeEgmn1NX+6fnnXSvPLOqdnIUajv+sa:CjeRlAhCy5dUVx3vinLydZIUaqsa
Malware Config
Signatures
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  resource: sample; yara_rule: INDICATOR_SUSPICIOUS_Binary_References_Browsers
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers. 1 IoCs
  resource: sample; yara_rule: INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
- Unsigned PE 1 IoCs
  Checks for missing Authenticode signature.
  resource: 2024-06-30_1d7ecebf9f69b33ac14c5d3e66936f8a_mafia
Files
-
2024-06-30_1d7ecebf9f69b33ac14c5d3e66936f8a_mafia.exe windows:5 windows x86 arch:x86
a102e1d75d563b310da2e99c934fa9e7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetLocalTime
OutputDebugStringA
GetSystemTimeAsFileTime
DeviceIoControl
FindFirstFileW
FindClose
MoveFileW
GetDiskFreeSpaceW
GetVolumeInformationW
SetFilePointerEx
SetEndOfFile
GetFileAttributesExW
SetFileTime
RemoveDirectoryW
CreateDirectoryW
GetDriveTypeW
GetCompressedFileSizeW
BackupRead
BackupSeek
lstrcmpA
GetFullPathNameW
FindNextFileW
WritePrivateProfileStringW
GetShortPathNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetEnvironmentVariableW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
CopyFileW
IsBadStringPtrW
GetTickCount
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
LoadLibraryA
SystemTimeToFileTime
MoveFileExW
SetProcessWorkingSetSize
GetComputerNameW
CompareFileTime
LocalAlloc
LocalLock
LocalUnlock
GetDateFormatA
GetTimeFormatA
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
DeleteFileA
GetTempPathA
GetDiskFreeSpaceA
CreateFileMappingA
LockFileEx
HeapValidate
GetFileAttributesA
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
GetFullPathNameA
GetThreadTimes
SetEnvironmentVariableA
CreateFileA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
RtlUnwind
GetLogicalDrives
IsDebuggerPresent
UnhandledExceptionFilter
GetStdHandle
GetFileType
WriteConsoleW
HeapSetInformation
ExitProcess
ExitThread
VirtualProtect
AreFileApisANSI
FormatMessageA
CreateWaitableTimerA
WaitForMultipleObjectsEx
TlsSetValue
OpenEventA
WaitForSingleObjectEx
SetWaitableTimer
TlsGetValue
TlsFree
TlsAlloc
GetModuleHandleA
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoW
VerifyVersionInfoW
VerSetConditionMask
GlobalMemoryStatus
GetVersionExA
WaitForMultipleObjects
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
CreateThread
CreateSemaphoreW
ReleaseSemaphore
TerminateThread
VirtualQueryEx
SetUnhandledExceptionFilter
RtlCaptureContext
GetSystemTime
ResumeThread
SuspendThread
GetCurrentProcessId
GetThreadPriority
GetSystemInfo
OpenThread
VirtualProtectEx
VirtualAlloc
SetThreadPriority
InitializeCriticalSection
VirtualFree
GetCurrentThread
VirtualQuery
GetThreadContext
lstrlenA
GlobalHandle
lstrcmpW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetProcessTimes
GetLongPathNameW
SetFilePointer
GetFileSize
ReadFile
GetVersion
CompareStringW
lstrcpyW
GetPrivateProfileStringW
DeleteFileW
LocalFree
FormatMessageW
lstrcpynW
GetVersionExW
MulDiv
SetCurrentDirectoryW
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
CreateProcessW
GetStartupInfoW
LoadLibraryW
GetSystemDirectoryW
SetErrorMode
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
lstrcmpiW
FreeLibrary
WriteFile
FlushFileBuffers
GetFileAttributesW
WideCharToMultiByte
CreateMutexW
lstrlenW
GetProcAddress
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetLastError
RaiseException
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
CreateEventA
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InterlockedExchange
ResetEvent
SetEvent
CreateEventW
CreateFileW
Sleep
GetLastError
OpenProcess
TerminateProcess
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileMappingW
user32
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
DestroyAcceleratorTable
wsprintfW
GetForegroundWindow
GetDlgItemInt
GetNextDlgTabItem
SetDlgItemTextW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetShellWindow
GetWindowInfo
SetMenuDefaultItem
LockWindowUpdate
PostQuitMessage
IsDialogMessageW
FindWindowExW
LoadIconW
GetComboBoxInfo
AdjustWindowRectEx
GetMenu
DrawEdge
SetLayeredWindowAttributes
DeleteMenu
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
SetPropW
GetWindowTextLengthW
SetScrollPos
GetScrollInfo
ScrollWindowEx
SetScrollInfo
AppendMenuW
GetScrollPos
InvalidateRgn
CreateAcceleratorTableW
EnableScrollBar
GetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
RemovePropW
DrawFrameControl
GetSystemMetrics
GetMonitorInfoW
MonitorFromWindow
LoadBitmapW
GetWindowPlacement
GetWindowRect
SetWindowPos
GetWindowLongW
GetParent
GetWindow
GetDesktopWindow
GetClientRect
MapWindowPoints
UnregisterClassA
SetWindowLongW
SendMessageW
GetDlgItem
ScreenToClient
MoveWindow
GetDC
ReleaseDC
GetWindowTextW
SetWindowTextW
IsWindow
DefWindowProcW
InvalidateRect
BeginPaint
EndPaint
DrawTextW
OffsetRect
GetClassLongW
DrawFocusRect
DestroyIcon
DrawStateW
GetKeyState
GetMessagePos
CreateDialogParamW
FrameRect
DialogBoxParamW
IsChild
ChildWindowFromPoint
GetSysColor
SetRectEmpty
SetCursorPos
InsertMenuW
SystemParametersInfoA
DrawTextExW
GetMenuItemID
UnregisterClassW
CharLowerW
CharLowerA
GetDlgItemTextW
EmptyClipboard
SetClipboardData
WaitForInputIdle
EnumDisplaySettingsW
ExitWindowsEx
GetLastInputInfo
SendMessageTimeoutW
GetAsyncKeyState
GetNextDlgGroupItem
DestroyCursor
GetLastActivePopup
MessageBeep
DrawIcon
GetDialogBaseUnits
LoadStringW
WinHelpW
WaitMessage
CreateDialogIndirectParamW
GetCursorPos
CreatePopupMenu
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageA
DispatchMessageA
EnableMenuItem
EnableWindow
BringWindowToTop
UpdateWindow
GetFocus
GetWindowDC
MessageBoxW
PeekMessageW
GetMessageW
GetActiveWindow
PostMessageW
EndDialog
GetDlgCtrlID
PtInRect
RedrawWindow
TrackMouseEvent
GetSystemMenu
TrackPopupMenu
SetForegroundWindow
IsZoomed
SystemParametersInfoW
InflateRect
LoadImageW
CallWindowProcW
ShowWindow
KillTimer
SetTimer
DestroyWindow
FillRect
GetSysColorBrush
ClientToScreen
RegisterWindowMessageW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
DestroyMenu
CopyRect
IsWindowEnabled
CheckDlgButton
IsDlgButtonChecked
GetClassNameW
IsWindowVisible
OpenIcon
FindWindowW
EnumWindows
IsIconic
SetFocus
SetRect
GetCapture
SetCapture
WindowFromPoint
ReleaseCapture
SetCursor
CharNextW
TranslateMessage
DispatchMessageW
RegisterClassW
GetClassInfoW
GetWindowThreadProcessId
gdi32
SelectClipRgn
GetBkColor
GetTextColor
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
GetTextMetricsW
GetTextExtentPoint32W
GetClipBox
CreatePatternBrush
CreateBitmap
PatBlt
GetStockObject
SaveDC
SetDIBColorTable
Rectangle
SelectObject
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
GetDeviceCaps
SetBkMode
GetObjectW
CreateSolidBrush
SetBkColor
ExtTextOutW
SetTextColor
RestoreDC
CreatePen
MoveToEx
LineTo
Ellipse
PolylineTo
UnrealizeObject
GetClipRgn
BeginPath
EndPath
StrokeAndFillPath
CreateRectRgn
CreateDCW
CreateFontIndirectW
StretchBlt
CreateDIBSection
GetDIBColorTable
DeleteDC
TextOutW
shell32
SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryFileW
DragFinish
ShellExecuteExW
Shell_NotifyIconW
SHGetSpecialFolderLocation
ExtractIconExW
SHGetFileInfoW
SHEmptyRecycleBinW
SHAddToRecentDocs
ShellExecuteW
shlwapi
PathIsDirectoryEmptyW
PathRemoveExtensionA
PathRemoveExtensionW
PathAddExtensionW
PathStripToRootW
PathSkipRootW
PathRemoveBackslashW
PathCombineW
PathCompactPathW
PathRemoveFileSpecW
PathIsDirectoryW
PathAppendW
PathFileExistsW
PathMatchSpecW
PathFindExtensionW
PathUnquoteSpacesW
PathStripPathW
SHStrDupW
PathIsURLW
PathCreateFromUrlW
PathStripPathA
PathIsUNCW
PathIsRelativeW
PathFindFileNameW
ord487
StrRetToStrW
PathRemoveArgsW
PathGetDriveNumberW
Sections
- .text Size: 3.0MB - Virtual size: 3.0MB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 856KB - Virtual size: 856KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data Size: 351KB - Virtual size: 2.4MB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .tls Size: 512B - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 2.9MB - Virtual size: 2.9MB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ