General

  • Target

    2024-03-18_7215848012df0c285b446b6014a25595_aspxspy_darkside_dns-tunnel_equationdrug_fiveeyes_hacktools_revil_sakula_x-agent

  • Size

    2.4MB

  • MD5

    7215848012df0c285b446b6014a25595

  • SHA1

    942f5bf033e98c45ea69bde02a548f488a6feb60

  • SHA256

    8aa68bdee8ebfff590007d293823e3fbef23175cb6b53c65ee57cfc6e8817432

  • SHA512

    731383786dd223896d676687fe0587b9d1f693ceed98842b4c2986aeecc94e6c6937eead8de39c6da2b36dbf5277ab3c070d18f88cb07f6feb87bf7cfaaf60f6

  • SSDEEP

    49152:gHYtkQsTUthJ9sHjNJDE357TyjQg0APxAIfs/PQz/0jl:NtkQuUthbsekAIEN

Score
10/10

Malware Config

Signatures

  • Detect Lumma Stealer payload V4 1 IoCs
  • Detects command variations typically used by ransomware 1 IoCs
  • Detects executables (downloaders) containing URLs to raw contents of a paste 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables packed with ConfuserEx Mod 1 IoCs
  • Detects files referencing the transfer.sh file sharing website 1 IoCs
  • Lumma family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-03-18_7215848012df0c285b446b6014a25595_aspxspy_darkside_dns-tunnel_equationdrug_fiveeyes_hacktools_revil_sakula_x-agent
    .exe windows:5 windows x86 arch:x86

    6e9877b859ac48faff3c38f86948fa42
