metasploit | 2024-12-12_0178d22ec86dd92c1cd8e0ba2ac223e5_avoslocker_hijackloader_luca-stealer_magniber

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-12_0178d22ec86dd92c1cd8e0ba2ac223e5_avoslocker_hijackloader_luca-stealer_magniber
Size

22.7MB
MD5

0178d22ec86dd92c1cd8e0ba2ac223e5
SHA1

30025465a07d50a21b8dda66b4591f545c35989d
SHA256

b52c47e114f8e8523dfb634146a4bf8bb54d639d3e733d7b3afe7cfb623208cc
SHA512

0c2075ac382e3c31eaac831e6225bc5cf96e4971d0779e636215fce16b2acecd6d6fb7722877e2139190331e6c4443c92a16bf51816748a6a1e322263dd9c9bf
SSDEEP

196608:49uXVejN2DaVCjRgo5wwDScTLKdJ4R2zJXTO0yVejN2DaVCjRgo5wwDScTLKdJ4I:49pWH5/+dBJXTzrWH5/+dBJXTz

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.1.26:443

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-12_0178d22ec86dd92c1cd8e0ba2ac223e5_avoslocker_hijackloader_luca-stealer_magniber

Files

2024-12-12_0178d22ec86dd92c1cd8e0ba2ac223e5_avoslocker_hijackloader_luca-stealer_magniber
.exe windows:4 windows x86 arch:x86

425a93f0bf37ad9c39ca7d12aa5f118e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAEnumNetworkEvents
WSAEventSelect
WSAIoctl
accept
bind
closesocket
ioctlsocket
getsockopt
setsockopt
socket
htons
WSAStartup
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
ntohs
ntohl
inet_ntoa
inet_addr
WSAGetLastError
htonl
getsockname
getpeername
WSASocketW
WSADuplicateSocketW
WSAConnect

comctl32

_TrackMouseEvent
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_Add

kernel32

GetProcAddress
LoadLibraryW
WaitForSingleObject
GetExitCodeProcess
ResetEvent
CreateEventW
GetComputerNameW
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetSystemTimeAsFileTime
GetModuleHandleW
ExpandEnvironmentStringsW
SetEvent
RtlCaptureStackBackTrace
GetModuleHandleExW
GetStdHandle
GetFileType
AllocConsole
FreeConsole
GetConsoleMode
ReadConsoleW
WriteConsoleW
WaitForMultipleObjects
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetHandleInformation
SetHandleInformation
GetTimeFormatW
GetDateFormatW
GetSystemDirectoryA
LoadLibraryA
GetVersionExW
GlobalLock
GlobalAlloc
GlobalFree
GlobalSize
HeapSize
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
DecodePointer
HeapReAlloc
SetEnvironmentVariableW
GetFileSizeEx
FlushFileBuffers
SetConsoleCtrlHandler
GetConsoleOutputCP
SetFilePointerEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetCurrentThread
DuplicateHandle
WriteFile
ExitProcess
ReadFile
LoadLibraryExW
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
ReOpenFile
LocalAlloc
MultiByteToWideChar
SetErrorMode
FindNextFileW
FindFirstFileW
FindClose
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryFullProcessImageNameW
GetModuleFileNameW
CreateFileW
SearchPathW
LoadLibraryExA
OutputDebugStringW
GetCurrentProcess
GetCurrentProcessId
SetStdHandle
FindResourceW
SizeofResource
LockResource
LoadResource
GetUserDefaultLCID
GetLocaleInfoW
CreateProcessW
GetCommandLineW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemInfo
WideCharToMultiByte
GetTempPathW
MoveFileW
LocalFree
SetLastError
SetFilePointer
SetEndOfFile
RemoveDirectoryW
GetFileAttributesExW
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
FormatMessageW
FreeLibrary
GetSystemDirectoryW
GetProcessId
GetLastError
CloseHandle
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
CancelIo
OpenProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateThread
TerminateThread
ResumeThread
GetThreadTimes
VirtualProtect
VirtualQuery
GlobalUnlock

user32

EnumDisplaySettingsW
ChangeDisplaySettingsExW
GetNextDlgTabItem
ScrollWindowEx
RedrawWindow
KillTimer
SetTimer
DefDlgProcW
IsIconic
DestroyWindow
CreateWindowExW
ScreenToClient
RegisterClipboardFormatW
DefWindowProcW
IsWindowVisible
GetMessagePos
GetDoubleClickTime
CreateMenu
SetMenu
SetMenuDefaultItem
SetMenuItemInfoW
InsertMenuItemW
TrackPopupMenu
DeleteMenu
GetMenuItemCount
CheckMenuItem
DestroyMenu
CreatePopupMenu
GetMenuState
GetKeyboardLayout
GetWindowThreadProcessId
GetOpenClipboardWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDialogMessageW
DestroyIcon
EnumChildWindows
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxParamW
CreateDialogParamW
SetParent
GetClassNameW
IsWindowEnabled
PostMessageW
GetCursor
GetScrollInfo
SetScrollInfo
OffsetRect
AdjustWindowRectEx
GetCursorPos
InvalidateRect
GetWindowTextLengthW
GetWindowTextW
GetClipboardData
LoadIconW
GetDesktopWindow
SetWindowLongW
MapWindowPoints
ClientToScreen
GetWindowRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
EnableWindow
ReleaseCapture
SetCapture
GetKeyState
GetDlgCtrlID
GetWindowPlacement
SetWindowPos
ShowWindow
IsChild
GetMessageW
GetComboBoxInfo
GetWindowDC
GetAncestor
SystemParametersInfoW
GetWindowLongW
InflateRect
FrameRect
FillRect
DrawFocusRect
GetSysColorBrush
GetSysColor
SetCursor
GetClientRect
DrawTextW
GetFocus
SendMessageW
DrawFrameControl
SetFocus
LoadCursorW
MsgWaitForMultipleObjects
PeekMessageW
GetSystemMetrics
ReleaseDC
GetDC
DispatchMessageW
TranslateMessage
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
ToUnicodeEx
GetKeyboardLayoutList
GetAsyncKeyState
ToAsciiEx
VkKeyScanExA
VkKeyScanExW
keybd_event
MapVirtualKeyW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
WindowFromPoint
CreateIconIndirect
GetParent
CallWindowProcW
UnregisterClassW
RegisterClassExW

gdi32

GetDeviceCaps
GetStockObject
SelectObject
SetBkMode
SetTextColor
GetCharWidthW
CreateSolidBrush
DeleteObject
CreatePen
LineTo
PatBlt
SetBkColor
CreateCompatibleBitmap
DeleteDC
GetPixel
BitBlt
CreateCompatibleDC
CreateDCW
GetClipBox
StretchBlt
SetWindowOrgEx
CreateBitmap
GdiAlphaBlend
CreateDIBSection
SetDIBColorTable
CreateFontIndirectW
GetTextExtentPoint32W
SetMapMode
GetDIBits
GetObjectW
MoveToEx
GetTextMetricsW
ExcludeClipRect

shell32

ShellExecuteW
SHGetKnownFolderPath
SHGetFileInfoW
ord74
SHFileOperationW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
OleInitialize
RegisterDragDrop
DoDragDrop
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemRealloc
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
OleUninitialize

oleaut32

SysAllocString
SysFreeString

advapi32

GetUserNameW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
CreateProcessWithLogonW
LogonUserW
SetSecurityInfo
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
MakeSelfRelativeSD
MakeAbsoluteSD
InitializeSecurityDescriptor
GetSecurityDescriptorLength
GetSecurityDescriptorControl
SetEntriesInAclW
InitializeAcl
GetAclInformation
ConvertStringSidToSidW
ConvertSidToStringSidW
LookupAccountNameW
LookupAccountSidW
IsValidSid
GetTokenInformation
GetSidIdentifierAuthority
CreateProcessAsUserW
OpenProcessToken
AllocateAndInitializeSid
CopySid
EqualSid
FreeSid
GetLengthSid

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

425a93f0bf37ad9c39ca7d12aa5f118e

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

comctl32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 268KB - Virtual size: 267KB

.data Size: 19KB - Virtual size: 28KB

.rsrc Size: 10.6MB - Virtual size: 10.6MB

.reloc Size: 63KB - Virtual size: 62KB

.text Size: 1024B - Virtual size: 796B

.idata Size: 9KB - Virtual size: 8KB

.rsrc Size: 10.6MB - Virtual size: 10.6MB

.reloc Size: 63KB - Virtual size: 62KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 268KB - Virtual size: 267KB

.data
Size: 19KB - Virtual size: 28KB

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

.reloc
Size: 63KB - Virtual size: 62KB

.text
Size: 1024B - Virtual size: 796B

.idata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 10.6MB - Virtual size: 10.6MB

.reloc
Size: 63KB - Virtual size: 62KB