General
- Target: Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip
- Size: 66.8MB
- Sample: 240217-fsz7baca54
- MD5: f5c5935ac75649654a3c831ed5fe6fa0
- SHA1: 52ec2e983ab06aa15750114a9e265d4fb5af7f54
- SHA256: 93262012afae2e593d7bde52252613fc30365ffe3b893f62b8d9d3f47e6e11b4
- SHA512: a021f3cab542ccca8aff067d001d0c4494c6d1f49dd0e4776ab96f72edf5d87defc9a8ae81e5b39c5fc5d3cef618c6de04ea5d68b25d8e6c6975ad95e44257ea
- SSDEEP: 1572864:8yIoOPzJpq0jzwKSqj4uEv9oPoCvOFahjcWnSFnecJ3rrIpMU9doIny:8ywjc3qj4vvE0ahoWnkei36M0KIny
Static task
- static1

Behavioral tasks
- behavioral1: Sample Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip; Resource win7-20240215-en
- behavioral2: Sample Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip; Resource win10-20240214-en
- behavioral3: Sample Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip; Resource win10v2004-20231215-en
- behavioral4: Sample Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip; Resource win11-20240214-en
- behavioral5: Sample Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip; Resource macos-20240214-en
- behavioral6: Sample Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip; Resource debian9-armhf-20231215-en
- behavioral7: Sample Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip; Resource debian9-mipsbe-20231222-en
- behavioral8: Sample Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip; Resource debian9-mipsel-20231215-en
- behavioral9: Sample Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip; Resource ubuntu1804-amd64-20231215-en
- behavioral10: Sample 0x000a000000023656-53.exe; Resource win7-20231215-en
- behavioral11: Sample 0x000a000000023656-53.exe; Resource win10-20240214-en
- behavioral12: Sample 0x000a000000023656-53.exe; Resource win10v2004-20231215-en
- behavioral13: Sample 0x000a000000023656-53.exe; Resource win11-20240214-en
- behavioral14: Sample 0x000a000000023656-53.exe; Resource macos-20240214-en
- behavioral15: Sample 0x000a000000023656-53.exe; Resource debian9-armhf-20231221-en
- behavioral16: Sample 0x000a000000023656-53.exe; Resource debian9-mipsbe-20231222-en
- behavioral17: Sample 0x000a000000023656-53.exe; Resource debian9-mipsel-20231215-en
- behavioral18: Sample 0x000a000000023656-53.exe; Resource ubuntu1804-amd64-20231215-en
Malware Config
Extracted: lumma
- https://gemcreedarticulateod.shop/api
- https://secretionsuitcasenioise.shop/api
- https://claimconcessionrebe.shop/api
- https://liabilityarrangemenyit.shop/api
Targets

Target: Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip
- Size: 66.8MB
- MD5: f5c5935ac75649654a3c831ed5fe6fa0
- SHA1: 52ec2e983ab06aa15750114a9e265d4fb5af7f54
- SHA256: 93262012afae2e593d7bde52252613fc30365ffe3b893f62b8d9d3f47e6e11b4
- SHA512: a021f3cab542ccca8aff067d001d0c4494c6d1f49dd0e4776ab96f72edf5d87defc9a8ae81e5b39c5fc5d3cef618c6de04ea5d68b25d8e6c6975ad95e44257ea
- SSDEEP: 1572864:8yIoOPzJpq0jzwKSqj4uEv9oPoCvOFahjcWnSFnecJ3rrIpMU9doIny:8ywjc3qj4vvE0ahoWnkei36M0KIny
- Score: 1/10

Target: 0x000a000000023656-53
- Size: 686.9MB
- MD5: 3abe8b51f5087787b9c121b10f37108b
- SHA1: 4cb1fc54dc24f175c744a958e74ff84b5fb16d4e
- SHA256: 7ba93fe544def71fa435ae70911356845d19d5fcee1df71369aa537fe848c5d5
- SHA512: fcee37f1e56aed457f71aa0c54f320e28a308c002d639bcd424389cb464ce18103746b470456f5824b28d079cead670bdcb8d691d8bed864544ffbfe2c75fed4
- SSDEEP: 1572864:jnhUzyh7u4k9pJmoLKAwhzTICA8VjcDJSx:jnikUDUzPAUj3x

- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext