General
Target: pcworldx64installer.zip
Size: 11.3MB
Sample: 230501-n15e1ahb8s
MD5: 9ac2d6a90b5fad415a589907dd5ea7ea
SHA1: bd41eb8d00f88972812752bbe3a3be91d986d73f
SHA256: 13716fdf716aa8479df57501ce208cae4fc31e5a5bb9f483764ba76fdbea4b0d
SHA512: bb19610fe3dcd940e81d09ad65523b784bab2162609d960166528e40bbd998ff8eed275dd888b59052e70b18766621c092ea5fc388d39bea4a7f694190c9379f
SSDEEP: 196608:4DiDSy66GIbqTpOSLRfyvA8QRGqtgA9aHPa4eAYwKbacjTy1tdW9Rd+PrLv+8Otp:4DQQZFh8Qb6VHPd8wKbacjTy1O9RkfWj
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: Setup_x64.exe.lnk, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: Setup_x64.exe.lnk, Resource: win10v2004-20230220-en)
Malware Config
Extracted family: lumma
C2: 82.118.23.50
Targets
The archive's only analysed payload is a 1KB Windows shortcut (.lnk) whose name mimics an installer executable; the shortcut, not a real Setup_x64.exe, is what the behavioral tasks ran.
Target: Setup_x64.exe.lnk
Size: 1KB
MD5: b1b6eb2189e0f3d7ecfea63baafca452
SHA1: af279896cf4ec2c487e5599759cee19bdd0d84b6
SHA256: 0bbeb529931ee10f4cde96b33689c45b0406b3b33a55d4a0341fac2e67749b55
SHA512: b1dbf2144f13d08b7a62a7fc24681f6c8c324b56eb4048da64836ab2d83efed80c80acc9f06e44de02ddcdb31a4eefa9f244447b128d1d73cacf583eb17f66a2
Score: 10/10
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the stealer may refuse to run on machines in excluded regions, so a sandbox locale can change what is observed).
- Executes dropped EXE: the shortcut leads to a dropped executable being launched.
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Adds Run key to start application: persistence through a Run registry key.
- Suspicious use of SetThreadContext: an API commonly used for process injection, such as process hollowing.
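The report above is a set of "Key: value" fields plus an extracted config, and the two things an analyst usually wants from it are the indicators (hashes, C2 address) and a way to confirm that a file on disk really is the analysed sample before detonating it. The script below is an added example and is not part of the sandbox's export or of any tooling the page describes; it parses a constructed excerpt of this report (the hash values and the Lumma address are copied from the page, the "Key: value" layout and the "Family"/"C2" field names are assumptions), validates the digests, collects IOCs, and verifies arbitrary bytes against a target record.

```python
import hashlib
import re
from typing import Dict, List

# Constructed excerpt of this page's report, rewritten as "Key: value" lines.
# Hash values and the extracted address are from the page; the layout and the
# "Family"/"C2" field names are assumptions made for this example.
REPORT = """\
General
Target: pcworldx64installer.zip
Size: 11.3MB
SHA256: 13716fdf716aa8479df57501ce208cae4fc31e5a5bb9f483764ba76fdbea4b0d
Malware Config
Family: lumma
C2: 82.118.23.50
Targets
Target: Setup_x64.exe.lnk
Size: 1KB
MD5: b1b6eb2189e0f3d7ecfea63baafca452
SHA256: 0bbeb529931ee10f4cde96b33689c45b0406b3b33a55d4a0341fac2e67749b55
"""

# Expected hex-digest lengths; a value that does not match is a copy error, not an IOC.
HASH_RE = {
    "MD5": re.compile(r"^[0-9a-f]{32}$"),
    "SHA1": re.compile(r"^[0-9a-f]{40}$"),
    "SHA256": re.compile(r"^[0-9a-f]{64}$"),
    "SHA512": re.compile(r"^[0-9a-f]{128}$"),
}
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def parse_report(text: str) -> Dict[str, List[Dict[str, str]]]:
    """Group 'Key: value' lines under the bare heading lines that precede them.

    A heading is any non-empty line without a colon. Inside a section a
    'Target:' line starts a new record, so 'Targets' yields one dict per file.
    """
    sections: Dict[str, List[Dict[str, str]]] = {}
    section = None
    record = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ":" not in line:
            section = line
            sections[section] = []
            record = None
            continue
        if section is None:
            raise ValueError(f"field before any section heading: {line!r}")
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Target" or record is None:
            record = {}
            sections[section].append(record)
        record[key] = value
    return sections


def extract_iocs(sections: Dict[str, List[Dict[str, str]]]) -> Dict[str, object]:
    """Collect well-formed hashes (lower-cased) and C2 addresses from every record."""
    hashes: Dict[str, set] = {}
    c2: List[str] = []
    for records in sections.values():
        for record in records:
            for key, value in record.items():
                if key in HASH_RE:
                    digest = value.lower()
                    if not HASH_RE[key].match(digest):
                        raise ValueError(f"malformed {key}: {value}")
                    hashes.setdefault(key, set()).add(digest)
                elif key == "C2" and IPV4_RE.match(value):
                    c2.append(value)
    return {"hashes": hashes, "c2": c2}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists for a file's contents."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def matches_record(data: bytes, record: Dict[str, str]) -> bool:
    """True only if every hash field the record carries matches the data.

    A record with no hash fields never matches, so a missing field cannot
    silently pass the wrong file off as the analysed sample.
    """
    digests = hash_bytes(data)
    checked = [key for key in digests if key in record]
    return bool(checked) and all(digests[key] == record[key].lower() for key in checked)


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    iocs = extract_iocs(parsed)
    print("C2:", iocs["c2"])
    for algo, values in sorted(iocs["hashes"].items()):
        for value in sorted(values):
            print(f"{algo}: {value}")
    # Constructed bytes, not the sample: demonstrates a mismatch against the .lnk record.
    print("matches target:", matches_record(b"not the sample", parsed["Targets"][0]))
```

In practice you would feed `matches_record` the bytes of the file you are about to detonate or share, and refuse to proceed on `False`; checking all listed digests rather than MD5 alone avoids trusting a hash that is cheap to collide.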