General
Target: VMM.zip
Size: 14.6MB
Sample: 240406-hgx9pacg81
MD5: 06c696dec212fe9a135fcc5a15a9a134
SHA1: 84ee0bfdffcca7aeb588fc7900cb859d88ab0b5b
SHA256: 5344ad88a5cd21e8c2b396d4c0ff00bf3bb2c09aee63c7eb6f72a86c1a5398f9
SHA512: 734fe295516172adb5968fd296e16db6daec73c932860db8b45e843f9eb56e1a00ee2908dd53ec533c27d1aaf3839b0fe0ad0a898b4d24f18eeadcc6b51620d8
SSDEEP: 393216:6Lnku9vqgEr3sLmwawkhpNtmAbwFihMXaYFOv0rl66Qwl6hPK/8aeG:6LnjV2sLXBkNtmAEFihoj95XQwMpa/
Static task: static1

Behavioral tasks (task id, sample, resource):
- behavioral1: VMM.zip (win7-20231129-en)
- behavioral2: VMM.zip (win10v2004-20231215-en)
- behavioral3: Data.exe (win7-20240221-en)
- behavioral4: Data.exe (win10v2004-20240226-en)
- behavioral5: Setup.exe (win7-20240220-en)
- behavioral6: Setup.exe (win10v2004-20240226-en)
- behavioral7: iepdf32.dll (win7-20240221-en)
- behavioral8: iepdf32.dll (win10v2004-20240226-en)
- behavioral9: indecorum.tiff (win7-20231129-en)
- behavioral10: indecorum.tiff (win10v2004-20240226-en)
- behavioral11: plugins/Config/nppPluginList.dll (win7-20240221-en)
- behavioral12: plugins/Config/nppPluginList.dll (win10v2004-20240319-en)
- behavioral13: plugins/NppConverter/NppConverter.dll (win7-20240221-en)
- behavioral14: plugins/NppConverter/NppConverter.dll (win10v2004-20240226-en)
- behavioral15: plugins/NppExport/NppExport.dll (win7-20240215-en)
- behavioral16: plugins/NppExport/NppExport.dll (win10v2004-20240226-en)
- behavioral17: plugins/mimeTools/mimeTools.dll (win7-20240221-en)
- behavioral18: plugins/mimeTools/mimeTools.dll (win10v2004-20240226-en)
- behavioral19: rubadub.odp (win7-20240221-en)
- behavioral20: rubadub.odp (win10v2004-20240226-en)
- behavioral21: updater/GUP.exe (win7-20240220-en)
- behavioral22: updater/GUP.exe (win10v2004-20240226-en)
- behavioral23: updater/LICENSE (win7-20240221-en)
- behavioral24: updater/LICENSE (win10v2004-20231215-en)
- behavioral25: updater/README.md (win7-20240215-en)
- behavioral26: updater/README.md (win10v2004-20240226-en)
- behavioral27: updater/enco.exe (win7-20240221-en)
- behavioral28: updater/enco.exe (win10v2004-20240226-en)
- behavioral29: updater/gup.xml (win7-20240221-en)
- behavioral30: updater/gup.xml (win10v2004-20240226-en)
- behavioral31: updater/libcurl.dll (win7-20240221-en)
- behavioral32: updater/libcurl.dll (win10v2004-20240319-en)
Malware Config
Extracted family: lumma
Targets

Target: VMM.zip
Size: 14.6MB
MD5: 06c696dec212fe9a135fcc5a15a9a134
SHA1: 84ee0bfdffcca7aeb588fc7900cb859d88ab0b5b
SHA256: 5344ad88a5cd21e8c2b396d4c0ff00bf3bb2c09aee63c7eb6f72a86c1a5398f9
SHA512: 734fe295516172adb5968fd296e16db6daec73c932860db8b45e843f9eb56e1a00ee2908dd53ec533c27d1aaf3839b0fe0ad0a898b4d24f18eeadcc6b51620d8
SSDEEP: 393216:6Lnku9vqgEr3sLmwawkhpNtmAbwFihMXaYFOv0rl66Qwl6hPK/8aeG:6LnjV2sLXBkNtmAEFihoj95XQwMpa/
Score: 1/10

Target: Data.pt
Size: 3.9MB
MD5: 7e3f7bde44eaa3bf6265255e9c1f23d0
SHA1: 1b14c6549fb1b27d7b5b03ca31be0d0da218077e
SHA256: 0470512bcfb754d7ac67a763fc1f2c0e5db72bc67a2eea0e90bc14b138ccd38b
SHA512: 7b238831bcbd3943b71436f166358eea868ed99b3dfb17c8f48706e1ebd527463837eb4e83102aed4f073df8debba56a930295d22cdd8a7014a8ba192f14ec08
SSDEEP: 98304:kvUmXRt5VzTFMD4cF7goxVKj5OJPL2PsoZ:kPRt5lTiDtFjVK1CPaV
Score: 1/10

Target: Setup.exe
Size: 8.7MB
MD5: 480f8cf600f5509595b8418c6534caf2
SHA1: dc13258ebb83bdf956523d751f67e29d6e4cf77e
SHA256: 6d8905ec0b1dfdc0a10d1cce40714ddd73205a09ad390b933ddbecdcf06a4cf2
SHA512: f0bd99f68d59e80538fb276945d0f383394cb94a35c6d12ebd3e87061222249f78b9ca75716b33e36b66842b97c71149612111fcb6a8a3bc3a97635b03934aaf
SSDEEP: 196608:Ywdj1UbkCchr3rlFE8GCWhKUzGZ3gRTFHnBz58//o:Yw91Ubkxhr3rlFHWhKUzGZ3gRTFhzi/o
Signatures:
- Suspicious use of SetThreadContext

Target: iepdf32.dll
Size: 4.3MB
MD5: c12113bdda61107107736c98c58ca8f1
SHA1: 0ce6383dacb79190c174ef3123f2a5c135a73125
SHA256: b748e5dc64f5ece1b256705b7365a89b3be9284587da5f3abbde4be78864867e
SHA512: 1186569e6d523e1c032f3b6fe32d42017c3d712489fba085395c74649657bfcadcff52a1e2d0e87afdda2f9613325107ba210769b70e490d16ef37189ccd95c6
SSDEEP: 98304:RszKnK7RZKZk8AZ1uWhgTsOQbIW5gmTKuCIUMPaLownwCIC6Q3:RRZkB1WogmFPaQCIC6e
Score: 3/10

Target: indecorum.tiff
Size: 47KB
MD5: b8156c34e73375534ba79a1aeea74c2c
SHA1: 4259f2e091641f6f3431f5375e6539841777b141
SHA256: ec0299b6a1fb233174f2c022ebbd5229d015898c58c770e4022b69b1b16c8b9b
SHA512: 402a64da0e9eb1b927722643fba9207930fcc0649ef18ab0dbe7cec35b3e9074f885a7ff7bfcc9fc57c1b4d192d48fd7026fc35ba82fdfb125aaa8264ae6e55c
SSDEEP: 768:wA0r5wuUOvLaJnWk0EyoTW4OByirVOVCGKY1mkON+C6mAzh68T:wt2MREzkrVzR6Fm2
Score: 3/10

Target: plugins/Config/nppPluginList.dll
Size: 203KB
MD5: b65fdddd07b2cac6fbe48b965a7f3f10
SHA1: 57873c8ae4ef062340299db8e92e616121011a51
SHA256: 9ff8dbeb2d3ca17cd543621464f37b3d9b78b7d9194e83294e9d06624fabb7bf
SHA512: 5afaf8409a8572f353c51e0e44201d0ab12a9c94aa97fee8097334cf5e37f409e123b852c3b139cd506ea8e8a802e0a771a0ce4ebea04c3905edd47e9b64f64f
SSDEEP: 3072:VuQtUEW4pggQikeV29r97Fo/rg4aSuhJFAhT1YfabjBK9zhH5oVI8vs:1tUr4/Dkq2FHQ1G37q
Score: 1/10

Target: plugins/NppConverter/NppConverter.dll
Size: 199KB
MD5: 13c6c862f6efcab7f9190ae77091f8c3
SHA1: c80d1e8be75b658b2d226febc9365e1b7eed2f31
SHA256: 88ded8ea380aa1b2deb5a6ba0c600e74a445c862919bf15cd0deed3987f1951e
SHA512: 1518993690daf78d7883c19a6b9d78be205542888ce06f4e4a484b02b9108b13180657c45e93ddad0dfbea33554ca707ac5a170190ed27d35f3023647b3dc14a
SSDEEP: 3072:WVub4QxSy09L3pCQRUKobM56CjX6cr1+5tq4GtBXdj6oSOE6qglw:wXE09MQRMbkNKZ4799E6hw
Score: 1/10

Target: plugins/NppExport/NppExport.dll
Size: 153KB
MD5: 2e9427296085643dd15eed57360c4490
SHA1: ea9cf44eac4d19e7dbc723b5ce2541dd9d6de31c
SHA256: 089780324ce5e5482876a9da6271dd7d7c0acc41dfff03deb6c5c1925828dd8b
SHA512: b5089dd044b670da06fc95449a05fdc73cfe428e49eff55de2d73c4e9905cd82d32eb3567bf7709105fcb253c05d66552988599628f55afdec07543a546453cd
SSDEEP: 3072:4HWvf4whXRxCtyAKfbn52zwjMdsI54tWfdHak6yS:WWYwtRxCYAKfb5uwodsIjd6k6
Score: 1/10

Target: plugins/mimeTools/mimeTools.dll
Size: 145KB
MD5: 27aa04bd27cd40bebb2fe0f2923b3670
SHA1: c0c5e034dacf5fb86f1fb83bd7870f4465ec6618
SHA256: cdbdd182cac307ea29fcffde1243f73c07ea746d72fb94a38a3363e928de4039
SHA512: 8b5d5dfc8168698ddb4e395dab4c1458ae63254e4d823dfae761a39c2aaeb335e3fce4cc37e7230bdf16a15e7c1ba865e9bbd88770320379edf932fee29ad13c
SSDEEP: 3072:p/kcoI7/XB2WOy+mHw+etLrI76JavBBf87JD7P:pWI7vBiy+mH8hI76r7J
Score: 1/10

Target: rubadub.odp
Size: 2.6MB
MD5: cb0817ee940dbcd0f78bf23c8d56009c
SHA1: cdd5dc4e2296bb23378266e54d70a659fc3789e4
SHA256: 880e17f28599159f950fcae891afd280176d8cf5710242b5996da6e788eab61d
SHA512: 930762538cc932a99fe2b1fc8067e08a35a34ace0025ef36679f7837855252063b897c00fffe882095d741fdf579483f870cebb0442aaf789650f4a5779a3bf0
SSDEEP: 49152:RF/Tx+2gpXU9/eBr1JCqDL122/nvbxNTQ9upQisGau6EQgmHWFc:/x+3f+qDL42/zxKupQJGauSgVc
Score: 1/10

Target: updater/GUP
Size: 818KB
MD5: 1884dd352c2b8df7e7ee80573af580ac
SHA1: cabd8ed8b7c65f403ecdd90a9dff142b044fb3fc
SHA256: f22a7438a2226321324a81926bb311c25377ce977a32c84064d29e932fa22598
SHA512: a90fa4a1dbf789b0a9d085e4e3dfbb6fe2efe5dccabe311bb6411529e5cb465e575291e414d86acbe82c9b39eb6d6cf92c45e5d29d6ff75782d98c201863039c
SSDEEP: 12288:HySK0M5qRxaBr5wFNbgpA0WUVzOR63AczZXBS3CNmBDIOh68ADKbp34zZZ6dNNoq:SqMo2aWqT2KbpIFZ6PNeTw
Score: 6/10
Signatures:
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

Target: updater/LICENSE
Size: 7KB
MD5: 8e3494bf8cf1967afd3b1016fbbe5bb0
SHA1: b1608abb6e19ef60f4b9c52f6e05bf81cc97d0c2
SHA256: 319917f5ccd09878db6f67c9a77dee846055644ca49eb535628b9e020a87261e
SHA512: 11294efdbf6203801edfc8c4a55e106e80196ae65bb024359c3d105736251be5ed7a5a1e802cb492be112668e1c6a632eca4cbcf9be62775a82adf6e5ecb974e
SSDEEP: 192:HhKdfuB05iy5ylXFln0LxDvvzDyf1/rKpC:4dfsgi6uD0LlPs
Score: 1/10

Target: updater/README.md
Size: 3KB
MD5: bd0cd75d784913ded2152cd7a182853e
SHA1: 63a9a3231309a4acdd0c124b518257cc0dda88ee
SHA256: 0e7418f89ce1cad3b24d37f2b599cdf0b9d2e9a2a401d00e2fb9579e900160c8
SHA512: 67b5905270723f0b84973b6fa4cf0d06cd4fd0e72a877970491273ddea4d42819d8853134877c564fba7e3d69c4df322da7b5743b24928fa987c9fc20e776d0a
Score: 3/10

Target: updater/enco.dll
Size: 6.3MB
MD5: 6ff10e6ee4ffb13e6b3365de94c7981c
SHA1: ad109e17485829da8408687de35bc0c0ddd6965e
SHA256: b8ec0b5e43c165b1a244691350172843fa06f083cbc0888f9c138cd7107e1dec
SHA512: 1b00c001e4b7f25ba884540b959b93e2d49f9bd6e9a829a07accb2187fc41d414838645dafb3bcf05bc79217312e4ccad71ae7b90dda9a4b88580532f7895fcf
SSDEEP: 49152:7m1nUoSLyXmFSbFx8q78C1XXpDYALLRENU9Qd+bukZv5GR2EHxjCZdJdZcDrgDQL:9FSbrB4WXWU9w6ZJMtHE9WbKF0l
Score: 6/10
Signatures:
- Checks for any installed AV software in registry
- Downloads MZ/PE file

Target: updater/gup.xml
Size: 4KB
MD5: abde55a0b1cb4a904e622c02f559dcd1
SHA1: 1662f8445a000bbf7c61c40e39266658f169bf13
SHA256: 92717951aae89e960b142cef3d273f104051896a3d527a78ca4a88c22b5216a5
SHA512: 8fe75fb468f87be1153a6a0d70c0583a355f355bfe988027c88d154b500e97f2c5241d9557ebb981067205e2f23ad07b6a49c669cd3e94eaa728201173b235a0
SSDEEP: 96:rrxgFDl+72Y+WbPRkrm1+U4YeJS2kG6QrABYUCJ8PYPwJrkFI:rVgFhunzbpka1+UNQo2sBCPwJrkFI
Score: 1/10

Target: updater/libcurl.dll
Size: 728KB
MD5: 55749af1692a3e5ddf168a0d212ae549
SHA1: 0edfb6d343a5d8ccb68f836dbfa40ccdf2ecaab0
SHA256: 6b15342b708e58e7dcec14ebd54bbcbc33d7081d8ffea93f8c59b64879e011f0
SHA512: 7042a8a82bbf402a41be9eee63b2a2ea8f57b0226b1019cc652bf0050e75f833d11c7f64b0fde46d4d3882ec5eab85b8d15f41a50133d69990b80bd70d1df032
SSDEEP: 12288:/vnFnd1uk7byyzwn5l2rsc2QwEBhdoqyTvl0cWmlqhKyMv:/VekCoa5l2P2B6hdQvl03msMy
Score: 1/10