Extracted

• • Target

    6d56dd46639fc11b9e6afc6bd9dfc8e4

  • Size

    92KB

  • MD5

    6d56dd46639fc11b9e6afc6bd9dfc8e4

  • SHA1

    4f3dd3cdddf24284cca094e387d63ff897fb54c5

  • SHA256

    c26ac74b7b8058eae09d963b45194c1a18c6099959b603fbe4e88a7a15c6b653

  • SHA512

    494b17dea9978439dc25bf4135fd5c881c8d9f81b50fd5ebcab52f6aecaed84ea6cc6e9935f2ff4dd8a99d906939f7f258d8651378c4acc691c1600680c18bad

  • SSDEEP

    1536:xSquE20GQkV+o7Y5tvIJHz8qFTm5FzWbIa/jtvG+FEUU9lID1WMc7kWg7vrHu6Ot:+pKtvHzXartvG+gba+I7vjx8

  Score

  10^/10

  lummametasploitbackdoorpersistencestealertrojanupx

  • Detect Lumma Stealer payload V4

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2