Resubmissions
19-01-2024 11:53
240119-n2fg9sdcfn 10General
-
Target
678ecc3dcdd53cc473b46135f1a835c0
-
Size
448KB
-
MD5
678ecc3dcdd53cc473b46135f1a835c0
-
SHA1
fa4896777711fbb6b30295559b2b5f746c79c0aa
-
SHA256
3855e92b67e0d1cf777e54c6a36d5315bdc89dc7dcfbe3f79620ef675e20025e
-
SHA512
f17cb45dd4c8d4e198fffe9ed1cc65936a032e08f646fd96957e3b61870a4913990de3b54dd5474dab29175bbf64ff66981cb0664c61cd6fbc0f8373b7837b05
-
SSDEEP
12288:vurmdaxE/IJDiLRy2pBbeqd5+vxE4H9V7ZU6O:JdaxEwGRBfuHL9U6O
Malware Config
Signatures
-
Detect Lumma Stealer payload V4 1 IoCs
resource yara_rule static1/unpack002/out.upx family_lumma_v4 -
Lumma family
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule static1/unpack001/Project VDC.dll acprotect -
resource yara_rule static1/unpack001/Project VDC.dll upx static1/unpack001/Project VDC.exe upx -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/Project VDC.dll unpack002/out.upx unpack001/Project VDC.exe
Files
-
678ecc3dcdd53cc473b46135f1a835c0.rar
-
Project VDC.dll.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
UPX0 Size: - Virtual size: 424KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 135KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 288KB - Virtual size: 286KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Project VDC.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 192KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 235KB - Virtual size: 236KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
binds/binds_cstrike.cfg
-
binds/binds_czero.cfg
-
binds/binds_dod.cfg
-
binds/binds_ns.cfg
-
binds/binds_nsp.cfg
-
binds/binds_tfc.cfg
-
binds/binds_ts.cfg
-
binds/binds_valve.cfg
-
colors.cfg
-
cvars/cvar_cstrike.cfg
-
cvars/cvar_czero.cfg
-
cvars/cvar_default.cfg
-
cvars/cvar_dod.cfg
-
cvars/cvar_ns.cfg
-
cvars/cvar_nsp.cfg
-
cvars/cvar_tfc.cfg
-
cvars/cvar_ts.cfg
-
cvars/cvar_valve.cfg
-
hlss/3Inposition.wav
-
main.cfg
-
menus/menu_cstrike.txt
-
menus/menu_czero.txt
-
menus/menu_default.txt
-
menus/menu_dod.txt
-
menus/menu_ns.txt
-
menus/menu_nsp.txt
-
menus/menu_tfc.txt
-
menus/menu_ts.txt
-
menus/menu_valve.txt
-
misc/version.ini
-
readme.txt