General
Target: a4bdf08099f23da066d81eddb1c229d1
Size: 119KB
Sample: 240225-2a4yfaea97
MD5: a4bdf08099f23da066d81eddb1c229d1
SHA1: bcd16532c813e5ba009d4d3cd246796d3ffb7a45
SHA256: 6a3faf643c2c33f48b0e59c9edb14baebbf9ce1678aed83727106b739f0cafcb
SHA512: b5cca53eab5ff8db14cb53262de2dda2730f8149b51366a55bd4bef3c4501e594000edc4695ca61154e768609be0333898a9586f2840df6a23aaa54cd0abc69e
SSDEEP: 3072:hIZopSB/iLm7CEdYVgfIYCBP04+i6Hz3qFlhH0ytpAGf:VpSBt7CE+gfIhM4l6Hz3qFlJ0cei
Static task: static1
Behavioral task: behavioral1
Sample: a4bdf08099f23da066d81eddb1c229d1.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a4bdf08099f23da066d81eddb1c229d1.exe
Resource: win10v2004-20240221-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
Target: a4bdf08099f23da066d81eddb1c229d1
-
Detect Lumma Stealer payload V4
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Looks for VMWare Tools registry key
-
Modifies Installed Components in the registry
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
  Registry Run Keys / Startup Folder (2)
  Winlogon Helper DLL (1)
Create or Modify System Process (3)
  Windows Service (3)
Privilege Escalation
Boot or Logon Autostart Execution (3)
  Registry Run Keys / Startup Folder (2)
  Winlogon Helper DLL (1)
Create or Modify System Process (3)
  Windows Service (3)
Defense Evasion
Impair Defenses (3)
  Disable or Modify System Firewall (1)
  Disable or Modify Tools (2)
Modify Registry (7)
Virtualization/Sandbox Evasion (1)