2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit
Size

1.6MB
MD5

0c487ce5916b8baeb7b233a3776f24ef
SHA1

612a8f233bb6365859fd036c77e22ee25902081d
SHA256

b856be4654e62b6faa5f4a81f6d6a4ea9d79a7d930c46e3d94afbc9a403796d3
SHA512

c53b089cba0789030110ce368570033b8a0b625a1424de632fd80b02f8e59d4e1d37c05c72cf0bfa779cb525e13a2c5d36bc5e2a381cdd6ca54981998d13cf1c
SSDEEP

49152:/oTfSbJYz+fgs5W7xBJmMcBXyP1EnbHWNu3n:Qk8JmMcNHnbHx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit

Files

2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit
.exe windows:6 windows x86 arch:x86

d425c021d6bbb5d758d7caeb7bda154e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Git\Bukken\KVS\OSS\KVRecorder\Recorder\KvRecorderCore\Release\winvnc.pdb

Imports

wsock32

ioctlsocket
gethostbyname
gethostname

ws2_32

getaddrinfo

winmm

timeGetTime
timeSetEvent
timeKillEvent

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserA
CreateEnvironmentBlock

shfolder

SHGetFolderPathA

kernel32

Process32Next
SetCurrentDirectoryA
CreateFileA
GetFileSize
GetSystemInfo
CreateDirectoryA
FlushFileBuffers
GetFileAttributesA
ReadFile
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetFileTime
SetErrorMode
GetSystemTime
GetTickCount
MoveFileExA
GetComputerNameA
SystemTimeToFileTime
TerminateProcess
CreateThread
GetCurrentThread
SetThreadPriority
CreateProcessA
SetProcessShutdownParameters
GetStdHandle
FormatMessageA
GetTempPathA
WriteConsoleA
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
ResetEvent
CreateDirectoryW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
WriteConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetACP
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
GetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFullPathNameW
SetStdHandle
GetTimeZoneInformation
RaiseException
SetFilePointerEx
GetConsoleMode
Process32First
WriteFile
GetModuleHandleExW
ExitProcess
SystemTimeToTzSpecificLocalTime
VerifyVersionInfoA
GetDriveTypeW
CreateFileW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateEventW
EncodePointer
MultiByteToWideChar
FormatMessageW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateSemaphoreA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
ReleaseSemaphore
DuplicateHandle
GetFileType
lstrcatA
lstrlenA
lstrcpynA
lstrcmpiA
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
GetLocaleInfoA
FileTimeToSystemTime
GetVolumeInformationA
SetVolumeLabelA
DosDateTimeToFileTime
GetOEMCP
GetLocalTime
LocalFileTimeToFileTime
GetFullPathNameA
GetFileTime
GetDriveTypeA
FileTimeToLocalFileTime
lstrcpyA
GetConsoleCP
CreateToolhelp32Snapshot
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer
WinExec
GetModuleHandleA
GetCurrentThreadId
GlobalFree
GlobalUnlock
GlobalLock
GetExitCodeProcess
GetCurrentProcessId
Sleep
OpenEventA
CreateEventA
SetEvent
OutputDebugStringA
VerSetConditionMask
GetCurrentProcess
SetLastError
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
CreateMutexA
WaitForSingleObject
ReleaseMutex
WritePrivateProfileStructA
GetPrivateProfileStructA
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
OpenProcess
DeleteCriticalSection
PeekNamedPipe
InitializeCriticalSectionAndSpinCount
GlobalAlloc
WideCharToMultiByte
CopyFileA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetLastError
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
CloseHandle
MoveFileExW
FindFirstFileExA
SetConsoleCtrlHandler
WaitForSingleObjectEx
RemoveDirectoryW
HeapSize
FindFirstFileExW
FindNextFileW
IsValidCodePage
ReadConsoleW

user32

ExitWindowsEx
OpenWindowStationA
CloseWindowStation
SetProcessWindowStation
GetProcessWindowStation
SetWindowTextA
SetFocus
SendDlgItemMessageA
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
DestroyIcon
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadMenuA
EnableWindow
GetDlgItem
MapVirtualKeyA
VkKeyScanA
ToAscii
GetAsyncKeyState
GetKeyState
SetRect
WaitMessage
PeekMessageA
GetIconInfo
DrawIconEx
GetClassNameA
WindowFromPoint
EmptyClipboard
GetClipboardData
SetClipboardData
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
CloseClipboard
OpenClipboard
IsWindowVisible
DestroyWindow
IsWindow
LoadStringA
PostMessageA
RegisterWindowMessageA
EnumDesktopWindows
OpenDesktopA
GetCursorPos
keybd_event
GetKeyboardState
MessageBeep
SetActiveWindow
FlashWindow
SetForegroundWindow
SetDlgItemTextA
EndDialog
DialogBoxParamA
GetDesktopWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
ReleaseDC
GetDC
GetWindowRect
MessageBoxA
GetWindowThreadProcessId
FindWindowA
wsprintfA
SystemParametersInfoA
UnregisterClassA
GetForegroundWindow
LoadImageA
LoadIconA
LoadCursorA
IsRectEmpty
AdjustWindowRect
GetSystemMetrics
KillTimer
SetTimer
SetWindowPos
ShowWindow
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
GetUserObjectInformationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop
SendMessageA
SetWindowLongA
GetWindowLongA
WaitForInputIdle
OemToCharA
CharToOemA
wvsprintfA
DestroyMenu

gdi32

GetBitmapBits
GdiFlush
SetDIBColorTable
CreateDIBSection
SelectPalette
RealizePalette
GetPixel
GetDeviceCaps
CreatePalette
CreateCompatibleBitmap
BitBlt
ExtEscape
GetSystemPaletteEntries
StretchBlt
SetBkMode
SelectObject
PatBlt
GetStockObject
GetDIBits
GetClipBox
DeleteObject
DeleteDC
CreateSolidBrush
CreateDCA
CreateCompatibleDC
GetObjectA

advapi32

GetSecurityDescriptorLength
SetKernelObjectSecurity
IsValidSid
IsValidSecurityDescriptor
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetKernelObjectSecurity
DeleteService
CreateServiceA
RegCreateKeyExA
LookupPrivilegeValueA
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
CreateProcessAsUserA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegCreateKeyA
LookupAccountSidA
GetUserNameA
QueryServiceStatus

shell32

SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
ShellExecuteA
SHGetMalloc
SHFileOperationA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 974KB - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d425c021d6bbb5d758d7caeb7bda154e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

ws2_32

winmm

version

userenv

shfolder

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

Sections

.text Size: 974KB - Virtual size: 973KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 14KB - Virtual size: 439KB

.gfids Size: 2KB - Virtual size: 2KB

.rsrc Size: 365KB - Virtual size: 365KB

.reloc Size: 44KB - Virtual size: 43KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 974KB - Virtual size: 973KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 14KB - Virtual size: 439KB

.gfids
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 365KB - Virtual size: 365KB

.reloc
Size: 44KB - Virtual size: 43KB

.rmnet
Size: 56KB - Virtual size: 60KB