General
Target: 5eca2fbb7c37cb33eb8e0e34fe6e2e21
Size: 708KB
Sample: 240116-dgz13abger
MD5: 5eca2fbb7c37cb33eb8e0e34fe6e2e21
SHA1: 708524fb7fea9de952195e5b1abd69892263ba83
SHA256: b52013fb25aa871dd4efab0414c580e31381306049a869840af457546c71e5f8
SHA512: b7ef34d22385fdbadb7a5e71da226625d08ccd6dc58345a1ff1dba7b30ec15e290373c477160ece5ecdb2abfaf3bdf6469c77ef208521207a4d2cee4957e7528
SSDEEP: 12288:+I+7B1ITtBX1YEWd+zyKaF0uc+MzeDzzqMAxGZczp5A/yVtKBP8dixRf2f2DDyYc:+t7n+tBXWKjDHeDvqDxvaVmdixROf2h+
Behavioral task
behavioral1
Sample: 5eca2fbb7c37cb33eb8e0e34fe6e2e21.exe
Resource: win7-20231129-en
Malware Config
Extracted: metasploit (encoder/fnstenv_mov)
Targets
Target: 5eca2fbb7c37cb33eb8e0e34fe6e2e21
Size: 708KB
- Detect Lumma Stealer payload V4
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies security service
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1): Windows Service (1)