General
Target: 2024-12-12_a033174a36f5fcf67bc7f0237b70fd47_avoslocker_hijackloader_luca-stealer_magniber
Size: 22.7MB
Sample: 241212-cj8wba1mej
MD5: a033174a36f5fcf67bc7f0237b70fd47
SHA1: f0eada0b9432d0ba85bb0de44e4b7751a996f7df
SHA256: bd64273315a14107de082980ff128ae9eaca0a36302c0f367867bcaaf57aaaaa
SHA512: 61b3870842667bc4c0ab282df011259c604b00df0a093659d8559dd1b9d5f85da459c63e5440da7e3464d4b2b9e0a110a08bd15a8e20dab087ca97d6f3d09c18
SSDEEP: 196608:69uXVejN2DaVCjRgo5wwDScTLKdJ4R2zJXTO0oVejN2DaVCjRgo5wwDScTLKdJ4I:69pWH5/+dBJXTzlWH5/+dBJXTz
Behavioral task: behavioral1
Sample: 2024-12-12_a033174a36f5fcf67bc7f0237b70fd47_avoslocker_hijackloader_luca-stealer_magniber.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-12-12_a033174a36f5fcf67bc7f0237b70fd47_avoslocker_hijackloader_luca-stealer_magniber.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_tcp
192.168.1.26:443
Targets
Target: 2024-12-12_a033174a36f5fcf67bc7f0237b70fd47_avoslocker_hijackloader_luca-stealer_magniber
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Metasploit family
Loads dropped DLL
Blocklisted process makes network request
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.