General
Target: LaunchBFH.exe
Size: 927KB
Sample: 240225-ntt1pabf2w
MD5: d3c1c1a07fc43292e7e29e57c752d4c5
SHA1: 378c2bf9ece8f5db60f56fda569d24c413d64b55
SHA256: 80441fcf20760b653d36c4bc78c58c9e05b190e811767c7ed523a904e53b0684
SHA512: d16e8e1da988314de0a130d67fe9f8eacd4c49084ed8e122ad11b2a8e0401fc1e1d1bd48f1cacd9742a447719390d93b5c1d32ef366502553a162740f3978adb
SSDEEP: 12288:SdPEXbCuPYDfFyTxAgY1jggLXKHeH82f3Mp6ot7amxgtxBR3Z2txznbQb0YNDSry:SlEXbCjFjgYlyFW3Mam6txBe91fPQ+Te
Static task: static1
Behavioral task: behavioral1
Sample: LaunchBFH.exe
Resource: win7-20240221-en
Malware Config
Extracted family: lumma
C2 URLs:
- https://assumptionflattyou.shop/api
- https://technologyenterdo.shop/api
- https://detectordiscusser.shop/api
- https://turkeyunlikelyofw.shop/api
- https://associationokeo.shop/api
Targets
Target: LaunchBFH.exe (927KB; same file as in General above, identical hashes)
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2