2024-08-18_3edf78f2ea8a4532d2b92926f35618f7_hijackloader_karagany_mafia_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-18_3edf78f2ea8a4532d2b92926f35618f7_hijackloader_karagany_mafia_revil
Size

3.1MB
MD5

3edf78f2ea8a4532d2b92926f35618f7
SHA1

3c9e79c7b65570a0a6b77086a4000cfe7f6e16c5
SHA256

6f2435c92ff52540367d28d99afb4d6184ed5e081f7c3953235b79e0ebe11d3e
SHA512

aba080a9343677714bc3e72f66695bec63f9ca82c902476a5d51330a7bf327faad2583e1a3dac64ea97a56129afe4094345f24382b48a06d9756779b202fd5a7
SSDEEP

98304:Vg0EWak8xj8MrNYPZbY54maDmvpOL9bZQ/pJ:Vg0EB8Mrsb8Kmvpk9bO/v

Score

1^/10

Malware Config

Signatures

Files

2024-08-18_3edf78f2ea8a4532d2b92926f35618f7_hijackloader_karagany_mafia_revil
.exe windows:5 windows x86 arch:x86

cb9740959ed41c8097cea841d9e6e4de

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/12/2023, 17:00

Not After

09/10/2026, 07:40

Subject

CN=ZOHO Corporation Private Limited,O=ZOHO Corporation Private Limited,L=Chennai,ST=Tamil Nadu,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:42:07:5c:b9:29:2a:6a:f4:1d:98:b8:d3:1e:57:da:f3:3f:71:9d:92:9e:14:26:98:e2:d4:4f:e2:40:e3:6f
Signer

Actual PE Digest

7c:42:07:5c:b9:29:2a:6a:f4:1d:98:b8:d3:1e:57:da:f3:3f:71:9d:92:9e:14:26:98:e2:d4:4f:e2:40:e3:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Webhost\13-08-2024\WindowsBuilds\DC_NATIVE\8894969\desktopcentral\ONPREMISE\REMCOM_BUILD\RemCom\Release\RemCom.pdb

Imports

mpr

WNetCancelConnection2A
WNetAddConnection2A

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
CryptMsgClose
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject

ws2_32

getaddrinfo
inet_ntoa
accept
listen
closesocket
htons
bind
setsockopt
connect
send
WSASetLastError
recv
freeaddrinfo
getservbyname
getnameinfo
WSAStartup
WSAGetLastError
ntohs
getsockname
WSACleanup
gethostbyname
getsockopt
socket
ioctlsocket

kernel32

FormatMessageA
HeapFree
GetProcessHeap
HeapAlloc
SetConsoleMode
GetConsoleMode
ReadConsoleA
GetStdHandle
CopyFileA
GetCurrentDirectoryA
FindResourceA
Sleep
WaitNamedPipeA
SetConsoleTitleA
GetCurrentProcessId
ExitThread
SetConsoleCursorPosition
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
WaitForSingleObject
CreateProcessA
GetTickCount
SetLastError
GetComputerNameA
SetConsoleCtrlHandler
InterlockedDecrement
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
GetModuleHandleExW
GetEnvironmentVariableW
GetModuleHandleW
GetFileType
GetVersion
TlsGetValue
InterlockedCompareExchange
TlsSetValue
InitializeCriticalSectionAndSpinCount
InterlockedExchangeAdd
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
CreateFiber
SwitchToFiber
DeleteFiber
FormatMessageW
ReadConsoleW
ConvertThreadToFiber
ConvertFiberToThread
FreeLibrary
LoadLibraryW
LocalFree
FindFirstFileW
FindNextFileW
WaitForMultipleObjects
ResetEvent
ReleaseMutex
CreateMutexW
GetSystemInfo
CreateEventW
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
GetTempPathW
GetSystemDirectoryW
GetLongPathNameW
FindClose
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetDiskFreeSpaceExW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
CreateHardLinkW
MoveFileExW
CopyFileW
SetFileAttributesW
SetFileTime
GetFileAttributesExW
GetFileAttributesW
TryEnterCriticalSection
SetThreadPriority
SetEvent
GetExitCodeThread
VirtualQuery
SetEndOfFile
lstrlenA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
CreateFileW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetEnvironmentVariableA
GetModuleFileNameA
DeleteFileA
WriteFile
GetVersionExA
CreateFileA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLocaleInfoA
GetUserDefaultLCID
GetFileSize
ReadFile
GetLastError
CloseHandle
LoadLibraryA
FindFirstFileA
InterlockedExchange
InitializeCriticalSection
EncodePointer
DecodePointer
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
ExitProcess
ResumeThread
CreateThread
MoveFileA
GetCommandLineA
HeapSetInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapCreate
IsProcessorFeaturePresent
SetHandleCount
GetStartupInfoW
FatalAppExitA
GetConsoleCP
FlushFileBuffers
SetFilePointer
GetModuleFileNameW
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetStringTypeW

user32

GetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SetUserObjectSecurity

advapi32

EqualSid
CryptGetUserKey
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptGetProvParam
CryptEnumProvidersW
CryptSignHashW
CryptExportKey
CryptSetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RevertToSelf
EnumDependentServicesA
ControlService
QueryServiceStatusEx
ImpersonateLoggedOnUser
CreateProcessAsUserA
AddAccessAllowedAce
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
AddAce
LogonUserA
CreateProcessWithLogonW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerA
OpenServiceA
CreateServiceA
CloseServiceHandle
StartServiceA
GetLengthSid
CopySid
OpenProcessToken
GetTokenInformation
CryptAcquireContextA
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHCreateDirectoryExA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb9740959ed41c8097cea841d9e6e4de

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7c:42:07:5c:b9:29:2a:6a:f4:1d:98:b8:d3:1e:57:da:f3:3f:71:9d:92:9e:14:26:98:e2:d4:4f:e2:40:e3:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mpr

crypt32

ws2_32

kernel32

user32

advapi32

shell32

iphlpapi

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 516KB - Virtual size: 516KB

.data Size: 27KB - Virtual size: 67KB

.rsrc Size: 180KB - Virtual size: 180KB

.reloc Size: 103KB - Virtual size: 103KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7c:42:07:5c:b9:29:2a:6a:f4:1d:98:b8:d3:1e:57:da:f3:3f:71:9d:92:9e:14:26:98:e2:d4:4f:e2:40:e3:6f
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 516KB - Virtual size: 516KB

.data
Size: 27KB - Virtual size: 67KB

.rsrc
Size: 180KB - Virtual size: 180KB

.reloc
Size: 103KB - Virtual size: 103KB