General
Target: Mia_Khalifa 18+.zip
Size: 67.8MB
Sample: 240221-v1gghace93
MD5: 48bde2cde8d0239e50da3612ccb0cc51
SHA1: 9b3fec60f264dcd99a31141c8a2bcb0a09f2bff6
SHA256: 3729104fc485ea9c5a752f6de9226ad5add663f528b8114050d0f958a68ae774
SHA512: fd78a61b32d2fa1aeae80b375189b84d3e30852bdf770b78c4c6d05a91d02c196872da8c71a09058f812e07c4faaf1f699a58ab606a84cddf2baa2818bcaaee9
SSDEEP: 1572864:QITfzLPkhaZfjzOo534Y9Qocnw5p78Lx6rP514ReSHneyISp:QGfH3yo5x9Jcnw5pIteBeMSHeo
Static task: static1

Behavioral task: behavioral1
  Sample: Mia_Khalifa 18+.zip
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: Mia_Khalifa 18+.zip
  Resource: win10v2004-20240221-en

Behavioral task: behavioral3
  Sample: Mia_Khalifa 18+.msi
  Resource: win7-20240221-en
Malware Config
Extracted: lumma
  https://gemcreedarticulateod.shop/api
  https://secretionsuitcasenioise.shop/api
  https://claimconcessionrebe.shop/api
  https://liabilityarrangemenyit.shop/api
Targets

Target: Mia_Khalifa 18+.zip
Size: 67.8MB
MD5: 48bde2cde8d0239e50da3612ccb0cc51
SHA1: 9b3fec60f264dcd99a31141c8a2bcb0a09f2bff6
SHA256: 3729104fc485ea9c5a752f6de9226ad5add663f528b8114050d0f958a68ae774
SHA512: fd78a61b32d2fa1aeae80b375189b84d3e30852bdf770b78c4c6d05a91d02c196872da8c71a09058f812e07c4faaf1f699a58ab606a84cddf2baa2818bcaaee9
SSDEEP: 1572864:QITfzLPkhaZfjzOo534Y9Qocnw5p78Lx6rP514ReSHneyISp:QGfH3yo5x9Jcnw5pIteBeMSHeo
Score: 1/10
Target: Mia_Khalifa 18+.msi
Size: 64.5MB
MD5: a347250844a6e54c27bd5fcc464dae85
SHA1: 3b27a896233eb882d1475f773836bf69d1c3bddf
SHA256: bfa7a13a97f61cc63ae748ad806978d11391a5c17b1a8a8f4fbaadf07f4e0891
SHA512: 9b9b3776ee46ed61bb9ecf8b9c04a4607097c88a873616ab83b21c5a1fde304424191d5399899b1665f9d99824d3243e3cc29a9358a857872c93f7e6aa0a5935
SSDEEP: 1572864:Y4pJnZxr9EOH5skMiNRvKT8SVNWX/nNKRtYA3X8gHAn/VIK:YgJL3svi3iTNVNWX/n0rDnNgn/G
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext