General

  • Target

    5d03e1dc70fc3dd27da5618fb4286845

  • Size

    145KB

  • Sample

    240115-n113ksgbg4

  • MD5

    5d03e1dc70fc3dd27da5618fb4286845

  • SHA1

    1038188d122aa9ed61894ee5107f707e35a22142

  • SHA256

    4577173c8cfda63dabbf6dbb6f75f70e2f66302c7259481f6c26debabb74177c

  • SHA512

    d203292a58410d7b4c5403fd1b42139be4da305d55df9e6fdf0cd5840eb4b21666514a984a5681282d3c2884d9090e3fdf532a194c66407873671e7743d3b6c3

  • SSDEEP

    3072:Zca8XVbhrAzkhjpmOEODZrnDrlSipeoUFvh4sAae+nyhLiF7:ZWVbhrAzkRpmOEO2ipeoRaPn+w7

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor (the Metasploit x86 encoder module recognised on the payload; no framework version is reported for this sample)
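The extracted configuration names Metasploit's call4_dword_xor encoder. The Python below is an added example written for this page, not code from Hatching Triage or from the Metasploit project: it re-implements the call4_dword_xor layout (a `call $+4` to obtain EIP, then a `xor dword [esi+0x0e], key` loop over 4-byte blocks, with the block count loaded into ecx by a `sub ecx, -n` prologue) and a scanner that recognises the decoder stub in a buffer, pulls out the key and block count, and recovers the cleartext payload. The placeholder shellcode bytes, the 0x90 padding and the seeded key search are constructed assumptions for the example; no bytes from the analysed sample are reproduced.

```python
import random
import re
import struct

# Fixed part of the decoder stub emitted by modules/encoders/x86/call4_dword_xor.rb
# (the 'sub ecx, -blocks' prologue in front of it varies and is built separately):
#   e8 ff ff ff ff        call $+4            ; returns into the trailing 0xff
#   ff c0                 inc eax             ; that 0xff plus c0 decode as inc eax
#   5e                    pop esi             ; esi = address of 'ff c0' (call+5)
#   81 76 0e KK KK KK KK  xor dword [esi+0x0e], key
#   83 ee fc              sub esi, -4         ; esi += 4 without a 0x00 immediate
#   e2 f4                 loop back to the xor; ecx holds the block count
# The encoded dwords start right after the loop, at call+19 == esi+0x0e.
STUB_HEAD = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"
STUB_RE = re.compile(re.escape(STUB_HEAD) + rb"(.{4})" + re.escape(STUB_TAIL), re.DOTALL)

# Constructed placeholder "shellcode" for the example (not bytes from the sample).
SAMPLE_PAYLOAD = b"\x31\xc0\x50\x68calc\x54\x59\xc3"


def xor_block(block: bytes, key: int) -> bytes:
    """XOR one little-endian dword with the key; encoding and decoding are the same op."""
    return struct.pack("<I", struct.unpack("<I", block)[0] ^ key)


def xor_blocks(data: bytes, key: int) -> bytes:
    return b"".join(xor_block(data[i:i + 4], key) for i in range(0, len(data), 4))


def find_key(payload: bytes, badchars: bytes, tries: int = 100_000) -> int:
    """Pick a 4-byte key whose own bytes and whose encoded output avoid the bad characters.
    Seeded so the example is reproducible; Metasploit draws candidate keys at random."""
    rng = random.Random(1337)
    for _ in range(tries):
        key = rng.getrandbits(32)
        if any(b in badchars for b in struct.pack("<I", key)):
            continue
        if not any(b in badchars for b in xor_blocks(payload, key)):
            return key
    raise ValueError("no usable key for these badchars")


def call4_dword_xor_encode(payload: bytes, badchars: bytes = b"\x00") -> bytes:
    """Return prologue + decoder stub + XOR-encoded payload, as the encoder lays it out."""
    if len(payload) % 4:
        payload += b"\x90" * (4 - len(payload) % 4)  # pad to whole dwords (assumed filler)
    nblocks = len(payload) // 4
    key = find_key(payload, badchars)
    # xor ecx,ecx ; sub ecx,-n  (a negative immediate avoids a 0x00 byte for small counts)
    if nblocks <= 128:
        prologue = b"\x31\xc9\x83\xe9" + struct.pack("<b", -nblocks)
    else:
        prologue = b"\x31\xc9\x81\xe9" + struct.pack("<i", -nblocks)
    # The real encoder also rejects prologue/stub bytes that hit badchars; skipped here.
    return prologue + STUB_HEAD + struct.pack("<I", key) + STUB_TAIL + xor_blocks(payload, key)


def find_call4_dword_xor(buf: bytes):
    """Scan a buffer for the stub; return (offset of the call, key, block count, decoded bytes)
    per hit. The block count is read from the 'sub ecx' right before the call when present;
    otherwise the remainder of the buffer is decoded."""
    hits = []
    for m in STUB_RE.finditer(buf):
        start = m.start()
        key = struct.unpack("<I", m.group(1))[0]
        nblocks = None
        if start >= 3 and buf[start - 3:start - 1] == b"\x83\xe9":
            nblocks = -struct.unpack("<b", buf[start - 1:start])[0]
        elif start >= 6 and buf[start - 6:start - 4] == b"\x81\xe9":
            nblocks = -struct.unpack("<i", buf[start - 4:start])[0]
        if nblocks is not None and nblocks <= 0:
            nblocks = None
        body = buf[m.end():]
        body = body[:nblocks * 4] if nblocks else body[:len(body) - len(body) % 4]
        hits.append((start, key, nblocks, xor_blocks(body, key)))
    return hits


if __name__ == "__main__":
    blob = call4_dword_xor_encode(SAMPLE_PAYLOAD)
    print("encoded:", blob.hex())
    for off, key, n, dec in find_call4_dword_xor(b"\x90" * 8 + blob):
        print(f"stub at +{off}: key=0x{key:08x} blocks={n} payload={dec.hex()}")
```

The scanner anchors on the 19-byte stub rather than on the prologue because Metasploit builds the `sub ecx` sequence around the caller's bad-character list and it therefore varies between samples; when no recognisable prologue precedes the call the decoder simply XORs to the end of the buffer, which is enough to triage what the blob contains.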

Targets

    • Target

      5d03e1dc70fc3dd27da5618fb4286845

    • Size

      145KB

    • MD5

      5d03e1dc70fc3dd27da5618fb4286845

    • SHA1

      1038188d122aa9ed61894ee5107f707e35a22142

    • SHA256

      4577173c8cfda63dabbf6dbb6f75f70e2f66302c7259481f6c26debabb74177c

    • SHA512

      d203292a58410d7b4c5403fd1b42139be4da305d55df9e6fdf0cd5840eb4b21666514a984a5681282d3c2884d9090e3fdf532a194c66407873671e7743d3b6c3

    • SSDEEP

      3072:Zca8XVbhrAzkhjpmOEODZrnDrlSipeoUFvh4sAae+nyhLiF7:ZWVbhrAzkRpmOEO2ipeoRaPn+w7

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • MetaSploit

Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Modifies firewall policy service

    • Windows security bypass

    • Modifies Windows Firewall

    • Deletes itself

    • Executes dropped EXE

    • Windows security modification

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks