General

Target: YourTooIl
Size: 154KB
Sample: 240221-qfvq6sgc87
MD5: 3d07e26e02c60cf40ec99d4704ef0f75
SHA1: 3f67c682c0ed0b754bec60223778468f769d9a35
SHA256: d3005193be62d42a897396d170bf1532f71d4e61a86e1454981177416ccec742
SHA512: 354175e99ede0b6b15db842bae11dfd4f0bbe1571627327d07daf34859fa7fd86ab549f1a205afe8d7094e20b2adca49892047a7b1e61cd7cb99271e322f2cec
SSDEEP: 3072:EIHm8korCBcKt8uzoR7qqHb5NRs3NY0/6Pg3X1+Zkewl74ek:idcl5NRsdY0/6Pg3X1+Zkewl7Tk
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: YourTooIl.js
  Resource: win10-20240221-en
Malware Config

Family: lumma (configuration extracted)
C2 URLs:
  https://turkeyunlikelyofw.shop/api
  https://associationokeo.shop/api
Targets

Target: YourTooIl
Score: 10/10

Signatures:
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Event Triggered Execution (T1546): 1
  - Change Default File Association (T1546.001): 1

Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Event Triggered Execution (T1546): 1
  - Change Default File Association (T1546.001): 1
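The signature list and the ATT&CK mapping above describe what the sample does in terms of registry activity. The following is an added example, not Triage's code or output, that turns those signatures into detection rules and runs them over a registry API trace. The trace format (op|key path|value=data), the sample trace lines, and the extra "Adds Run key" rule are constructed assumptions; the registry locations are the standard Windows keys each signature refers to, and ATT&CK IDs are attached only to the two techniques this report lists. It goes beyond the page's case by also matching the WOW6432Node Uninstall hive and RunOnce.

```python
"""Turn the behaviour signatures from this sandbox report into detection rules
and run them over a registry API trace.

Added example, not Triage's code or output. The trace format (op|key|value=data)
and the sample lines below are constructed; the registry locations are the
standard Windows keys each signature refers to. ATT&CK IDs are given only for
the two techniques this report lists.
"""
import re
from collections import Counter

# Trace API name (lowercased) -> operation class used by the rules.
OP_CLASS = {
    "regqueryvalueex": "read", "reggetvalue": "read",
    "regenumkeyex": "enum", "regenumvalue": "enum",
    "regsetvalueex": "write", "regcreatekeyex": "write",
}

# (signature, op class, regex over the lowercased key path, ATT&CK ID or None)
RULES = [
    ("Checks computer location settings", "read",
     r"\\control panel\\international\\geo\\(nation|name)$", None),
    ("Checks installed software on the system", "enum",
     r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(\\|$)", None),
    ("Modifies system executable filetype association", "write",
     r"\\(classes\\)?exefile\\shell\\open\\command$", "T1546.001"),
    ("Registers COM server for autorun", "write",
     r"\\classes\\clsid\\\{[0-9a-f-]+\}\\(inprocserver32|localserver32)$", None),
    # Assumed extra rule (not one of the report's signatures) for T1547.001.
    ("Adds Run key to start application", "write",
     r"\\microsoft\\windows\\currentversion\\run(once)?$", "T1547.001"),
]
COMPILED = [(sig, op, re.compile(rx), tid) for sig, op, rx, tid in RULES]

# Constructed trace: what a sandbox API monitor might record for a sample that
# triggers the signatures above. Not the real trace of YourTooIl.js.
SAMPLE_TRACE = r"""
RegQueryValueEx|HKCU\Control Panel\International\Geo\Nation|
RegEnumKeyEx|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
RegEnumKeyEx|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall|
RegSetValueEx|HKCR\exefile\shell\open\command|(Default)="C:\Users\Public\svc.exe" "%1" %*
RegSetValueEx|HKCU\Software\Classes\CLSID\{01234567-89ab-cdef-0123-456789abcdef}\InprocServer32|(Default)=C:\Users\Public\svc.dll
RegSetValueEx|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater=C:\Users\Public\svc.exe
RegQueryValueEx|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion|ProductName
""".strip()


def parse_trace(text):
    """Return (op_class, key_path, value) for each well-formed trace line."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split("|", 2)
        if len(parts) < 2:
            continue
        op = OP_CLASS.get(parts[0].lower())
        if op is None:
            continue  # unknown API: nothing the rules reason about
        value = parts[2] if len(parts) == 3 else ""
        events.append((op, parts[1], value))
    return events


def match_event(op, key_path):
    """Return the signatures a single registry event satisfies."""
    path = key_path.lower().rstrip("\\")
    return [sig for sig, rule_op, rx, _ in COMPILED
            if rule_op == op and rx.search(path)]


def detect(text):
    """Count signature hits over a whole trace."""
    hits = Counter()
    for op, key_path, _ in parse_trace(text):
        hits.update(match_event(op, key_path))
    return hits


def attack_summary(hits):
    """Roll hits up to the ATT&CK technique IDs this report lists."""
    summary = Counter()
    for sig, _, _, tid in RULES:
        if tid and hits.get(sig):
            summary[tid] += hits[sig]
    return dict(summary)


if __name__ == "__main__":
    hits = detect(SAMPLE_TRACE)
    for sig, n in sorted(hits.items()):
        print(f"{n}  {sig}")
    print(attack_summary(hits))
```

The operation class matters as much as the key path: reading the Uninstall hive is software discovery, but writing under it is not, and a write to exefile\shell\open\command is the file-association hijack while a read of it is harmless. Reads are not recorded by Sysmon registry events, so a rule like the geofence check needs an API-level trace such as a sandbox produces.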