General
- Target: e23f4ad89ec5f09cfc475f14349bcc6aeaa73f3aaa231db43d4cb6650fb2462d
- Size: 257KB
- Sample: 230116-fztm4sdf8w
- MD5: 6d39a370d5b7ed1cd987b61adc89f25d
- SHA1: 0484fb54f0eb45a4c2fc4e3fa9e647353024f482
- SHA256: e23f4ad89ec5f09cfc475f14349bcc6aeaa73f3aaa231db43d4cb6650fb2462d
- SHA512: f6fc10e8b6c848afb2bf5ac38ebfb95416f75316ce12a12977aca108cb8101c3f6bfaa5f3ff90a86e9fa62c84c3d3ee729aeff66a4847863e05b55fb4b92c788
- SSDEEP: 6144:ILfHALaKffiAxSYBuAwoQ2sY6nlc/SU4zqQna:ILfgWKf6A4YBftQtY6lGSFP
Static task: static1
Behavioral task: behavioral1
- Sample: e23f4ad89ec5f09cfc475f14349bcc6aeaa73f3aaa231db43d4cb6650fb2462d.exe
- Resource: win10-20220901-en
Malware Config
- Extracted: lumma
  - 77.73.134.68
Targets
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext