General

  • Target

    5eca2fbb7c37cb33eb8e0e34fe6e2e21

  • Size

    708KB

  • Sample

    240116-dgz13abger

  • MD5

    5eca2fbb7c37cb33eb8e0e34fe6e2e21

  • SHA1

    708524fb7fea9de952195e5b1abd69892263ba83

  • SHA256

    b52013fb25aa871dd4efab0414c580e31381306049a869840af457546c71e5f8

  • SHA512

    b7ef34d22385fdbadb7a5e71da226625d08ccd6dc58345a1ff1dba7b30ec15e290373c477160ece5ecdb2abfaf3bdf6469c77ef208521207a4d2cee4957e7528

  • SSDEEP

    12288:+I+7B1ITtBX1YEWd+zyKaF0uc+MzeDzzqMAxGZczp5A/yVtKBP8dixRf2f2DDyYc:+t7n+tBXWKjDHeDvqDxvaVmdixROf2h+

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies security service

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15