General
Target: 5d03e1dc70fc3dd27da5618fb4286845
Size: 145KB
Sample: 240115-n113ksgbg4
MD5: 5d03e1dc70fc3dd27da5618fb4286845
SHA1: 1038188d122aa9ed61894ee5107f707e35a22142
SHA256: 4577173c8cfda63dabbf6dbb6f75f70e2f66302c7259481f6c26debabb74177c
SHA512: d203292a58410d7b4c5403fd1b42139be4da305d55df9e6fdf0cd5840eb4b21666514a984a5681282d3c2884d9090e3fdf532a194c66407873671e7743d3b6c3
SSDEEP: 3072:Zca8XVbhrAzkhjpmOEODZrnDrlSipeoUFvh4sAae+nyhLiF7:ZWVbhrAzkRpmOEO2ipeoRaPn+w7
Static task: static1
Behavioral task: behavioral1
Sample: 5d03e1dc70fc3dd27da5618fb4286845.exe
Resource: win7-20231215-en

Malware Config
Extracted: metasploit
Encoder: encoder/call4_dword_xor
Targets
Target: 5d03e1dc70fc3dd27da5618fb4286845
Signatures
- Detect Lumma Stealer payload V4
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Modifies Windows Firewall
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory