General
- Target: updater.msi.zip
- Size: 5.0MB
- Sample: 240227-myjvvafd2y
- MD5: b10e825fe265911e6ac5462ba2b2556b
- SHA1: bce2a35258669855043e235fdeb35341d98000ee
- SHA256: c5a3407d4fe90acb290604aa260d14f5d5fa44473c39944a05c348c94f9a6da0
- SHA512: ba98cdb21608f194114baeacfbe836975eb45dc79023939cffda2065a2400a9d4d53e5dcc323492ecd8ab1c53acfd84d09bcb6e11ac1b16f2e64cb0464eb93f7
- SSDEEP: 98304:dVmfRrsjpo2GGei9niDWbDlqQxJjii4dZ6tbRPaodiMGxrBbDL832sfyUDC:nmGjAXDWVqqJM6pRPaZMGrbDE2TUDC
Static task: static1
Behavioral task: behavioral1
- Sample: updater.msi
- Resource: win7-20240221-en
Malware Config
Extracted: lumma
- http://zamesblack.fun/api
- https://zamesblack.fun/api
Targets
- Target: updater.msi
- Size: 8.3MB
- MD5: 4b274f5177add19e1354e8ce7bc018de
- SHA1: 80b5ce160232d37407a4888860be4bccc019b27a
- SHA256: a8c50ffe3602a16f747b8b19fb51883f25aa6d9f53f9f2c8fd73e0f6bda4218f
- SHA512: 9c7cea2671ef94954ba751160167486c4651511a519f2413683626f791b485d259399cfd880ec15b5618dc9ad64305db1d2d0299bd0f5fe8c6db21c51494ff18
- SSDEEP: 98304:VkIe+YjNoLRunRYsIdn3dZYs2cKkFPOlzBIlq8mBE9cl1C8XPS99:hdIQRunq3jymc8GzC8Xqv
- Detect Lumma Stealer payload V4
- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext