General
Target: VI3 Operation Guide_tech Info versionfdp.exe
Size: 2.1MB
Sample: 240407-xnl8bsbf21
MD5: 55f8831a8b5bb5868462b91fadf8f2c4
SHA1: dfa43f0d6ea531d99268635bbb14307464bfdf00
SHA256: ad6e0e24c2791245c085cb50b3722dbad5fc6bc40129e74780dc996d2984317c
SHA512: e9b3fcccbc858b9ae635be9dbc4cbd3d942435fd1bcc25d3b343b1d09e7123110b503c3c1b780389454f8ea4c58c4bc289e2216fe65132510a177311aa90fa88
SSDEEP: 3072:ax7eBNaqU17pYkH+wWtai4GlIQZboLRi9ua/aHyvF3d2itMOwwwwsVqWAEaqE9qn:ax6SqUDr75GlVbANOwwwwswWYqEoy
Static task: static1
Behavioral task: behavioral1
  Sample: VI3 Operation Guide_tech Info versionfdp.exe
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: VI3 Operation Guide_tech Info versionfdp.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted family: lumma
Extracted URLs:
- https://appliedgrandyjuiw.shop/api
- https://birdpenallitysydw.shop/api
- https://cinemaclinicttanwk.shop/api
- https://disagreemenywyws.shop/api
- https://speedparticipatewo.shop/api
- https://fixturewordbakewos.shop/api
- https://colorprioritytubbew.shop/api
- https://abuselinenaidwjuew.shop/api
- https://methodgreenglassdatw.shop/api
Targets
Target: VI3 Operation Guide_tech Info versionfdp.exe
Size: 2.1MB
MD5: 55f8831a8b5bb5868462b91fadf8f2c4
SHA1: dfa43f0d6ea531d99268635bbb14307464bfdf00
SHA256: ad6e0e24c2791245c085cb50b3722dbad5fc6bc40129e74780dc996d2984317c
SHA512: e9b3fcccbc858b9ae635be9dbc4cbd3d942435fd1bcc25d3b343b1d09e7123110b503c3c1b780389454f8ea4c58c4bc289e2216fe65132510a177311aa90fa88
SSDEEP: 3072:ax7eBNaqU17pYkH+wWtai4GlIQZboLRi9ua/aHyvF3d2itMOwwwwsVqWAEaqE9qn:ax6SqUDr75GlVbANOwwwwswWYqEoy
Score: 10/10
Signatures:
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.