Analysis
max time kernel: 55s
max time network: 70s
platform: windows10-1703_x64
resource: win10-20230220-en
resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 22-03-2023 14:51
Static task: static1
General
Target: 24e8e618ddeba28efb95b1e6a2b574879eabb48948f19a0e3bb3e6b2bf3e27fa.exe
Size: 988KB
MD5: 4aa21293162188635cf4d4ef626f367c
SHA1: c3e2de0f1a01f2b256ed977234fba29a2e1e9e60
SHA256: 24e8e618ddeba28efb95b1e6a2b574879eabb48948f19a0e3bb3e6b2bf3e27fa
SHA512: 6d8fb337d8dd9126ee28d51380e7ef0d1f4e6b0450e6d61632db628a9d722832f1ae8ea91470ea5c5e0e15b06a6a01e52b617d8cb1965addb97ffc55272af5fd
SSDEEP: 12288:i6T+g+TFMg3gNuFSjwgPcb7Ge/8FM+9sQUsU0RDOOtKq0A3LZjBgsJPurYEKvl:Wg+TNgyWM/hU1JU0RDOOx0Q1jBarYE
Malware Config (extracted)
Family: lumma
C2: 82.117.255.80
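The hashes in the General section and the address the Lumma config extractor pulled out of the sample are the indicators a responder would carry out of this report. The following is an added example, not part of the sandbox report or of any tool it names: it embeds those values, checks that the submitted filename really is the SHA256 (the usual convention when a sample is named after its hash), hashes arbitrary file bytes against the report, and finds connections to the extracted C2 in a proxy log. The log format (`timestamp client dst:port`) and the log lines are constructed for the example, and the SSDEEP fuzzy hash is left out because matching it needs the external ssdeep library.

```python
"""Turn the sandbox report above into checkable indicators.

Added example, not part of the sandbox report: the hashes and the
extracted Lumma C2 address come from the report; the file bytes and the
proxy log lines below are constructed for illustration.
"""
import hashlib
import ipaddress
import re
from pathlib import Path

# Indicators copied from the report.
TARGET_NAME = "24e8e618ddeba28efb95b1e6a2b574879eabb48948f19a0e3bb3e6b2bf3e27fa.exe"
SAMPLE_HASHES = {
    "md5": "4aa21293162188635cf4d4ef626f367c",
    "sha1": "c3e2de0f1a01f2b256ed977234fba29a2e1e9e60",
    "sha256": "24e8e618ddeba28efb95b1e6a2b574879eabb48948f19a0e3bb3e6b2bf3e27fa",
}
LUMMA_C2 = ipaddress.ip_address("82.117.255.80")


def target_name_matches_sha256() -> bool:
    """Sanity check: the sample was submitted under its SHA256 as the filename."""
    return Path(TARGET_NAME).stem.lower() == SAMPLE_HASHES["sha256"]


def digests(data: bytes) -> dict:
    """Compute the three digests the report lists for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the report's hashes.

    Matching on any one algorithm is deliberate: a hash list from a feed
    may carry only MD5 or SHA1, and matching SHA256 alone would miss it.
    """
    d = digests(data)
    return any(d[algo] == SAMPLE_HASHES[algo] for algo in SAMPLE_HASHES)


# Minimal "timestamp client dst:port" proxy-log format, constructed for this example.
_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
)


def find_c2_contacts(log_lines):
    """Return (timestamp, client) for every line whose destination is the Lumma C2."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # malformed line; real tooling should count and surface these
        try:
            dst = ipaddress.ip_address(m.group("dst"))
        except ValueError:
            continue  # field looked like an address but was not one (e.g. 999.1.1.1)
        if dst == LUMMA_C2:
            hits.append((m.group("ts"), m.group("client")))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2023-03-22T14:52:01Z 10.0.0.15 82.117.255.80:80",
    "2023-03-22T14:52:03Z 10.0.0.15 142.250.74.46:443",
    "garbage line that should be skipped",
    "2023-03-22T14:53:10Z 10.0.0.22 82.117.255.80:443",
]

if __name__ == "__main__":
    print("target name consistent with SHA256:", target_name_matches_sha256())
    print("C2 contacts:", find_c2_contacts(SAMPLE_LOG))
```

The destination is parsed with `ipaddress` and compared as an address rather than grepped as a string, so a host such as 182.117.255.80 or 82.117.255.8 cannot produce a false hit; a bare `grep 82.117.255.80` over a proxy log does not give that guarantee.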
Signatures
- Reads user/profile data of local email clients (2 TTPs). Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers (2 TTPs). Infostealers often target stored browser data, which can include saved credentials.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs).
- Checks installed software on the system (1 TTP). Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and, on x64, its WOW6432Node counterpart) to enumerate software on the system. Legitimate installers and inventory agents read the same keys, so this signature is a weak indicator on its own and is most useful in combination with the credential-access signatures above.