General
Target: bittorrent_installer.exe
Size: 1.8MB
Sample: 240518-1rppeahf3y
MD5: e3a426ee7af841fcf69607f319764df1
SHA1: d75c44fb403d33399ec95ca13843d59abee6dc81
SHA256: 74c46613608a20996b55a6d2022d720e7dcc884c8a4038ca7a1db11308bba483
SHA512: c48dd13bdaea81b9850c64e4c538aa4ce84253b4fd8dac93f8e2c4f7c406b005f16c2d88df72ee053666b18917380be2beeffde1a0f528ce86bef6302959578a
SSDEEP: 24576:z7FUDowAyrTVE3U5F4u6ZGYF8MOpJvXz31DFs8DZ/DdGVK6q+1nTTEE:zBuZrEU8uy8MOH1DSa/DoQGd/
Static task: static1
Malware Config
Extracted family: lumma
C2 URLs:
https://museumtespaceorsp.shop/api
https://buttockdecarderwiso.shop/api
https://averageaattractiionsl.shop/api
https://femininiespywageg.shop/api
https://employhabragaomlsp.shop/api
https://stalfbaclcalorieeis.shop/api
https://civilianurinedtsraov.shop/api
https://roomabolishsnifftwk.shop/api
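The extracted C2 URLs and the file hashes above are the indicators most teams will want to sweep for first. The following is an added example, not part of the sandbox report: it matches hostnames in DNS and proxy log lines against the eight C2 hosts (including their subdomains) and checks a hash string from EDR or SIEM output against the sample's hashes. The log lines are constructed for illustration.

```python
"""Sweep DNS / proxy logs and hash fields for the IOCs in this report.

Added example, not part of the sandbox report. The eight C2 URLs and the
file hashes are the values the report lists; the log lines are constructed
for illustration and do not come from a real environment.
"""
import re
from urllib.parse import urlparse

# Lumma C2 endpoints extracted from the sample (from the report above).
LUMMA_C2_URLS = [
    "https://museumtespaceorsp.shop/api",
    "https://buttockdecarderwiso.shop/api",
    "https://averageaattractiionsl.shop/api",
    "https://femininiespywageg.shop/api",
    "https://employhabragaomlsp.shop/api",
    "https://stalfbaclcalorieeis.shop/api",
    "https://civilianurinedtsraov.shop/api",
    "https://roomabolishsnifftwk.shop/api",
]
C2_HOSTS = {urlparse(u).hostname.lower() for u in LUMMA_C2_URLS}

# File hashes of bittorrent_installer.exe from the report, keyed by algorithm.
SAMPLE_HASHES = {
    "md5": "e3a426ee7af841fcf69607f319764df1",
    "sha1": "d75c44fb403d33399ec95ca13843d59abee6dc81",
    "sha256": "74c46613608a20996b55a6d2022d720e7dcc884c8a4038ca7a1db11308bba483",
}

# Candidate hostnames: dotted labels ending in an alphabetic TLD, so bare IPs
# and timestamps such as 13:42:01.123 are not picked up.
HOST_RE = re.compile(r"(?i)\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")

# Constructed sample lines: two BIND-style query log entries and one Squid
# access log entry for a CONNECT to a C2 host. None of these are real.
SAMPLE_LOGS = [
    "18-May-2024 13:42:01.123 client @0x7f 10.0.0.5#51234 (buttockdecarderwiso.shop): "
    "query: buttockdecarderwiso.shop IN A + (10.0.0.1)",
    "18-May-2024 13:42:02.001 client @0x7f 10.0.0.5#51235 (www.bittorrent.com): "
    "query: www.bittorrent.com IN A + (10.0.0.1)",
    "1716039722.456    210 10.0.0.5 TCP_TUNNEL/200 4321 CONNECT museumtespaceorsp.shop:443 "
    "- HIER_DIRECT/203.0.113.10 -",
]


def hosts_in_line(line):
    """Return the set of lower-cased hostnames that appear in one log line."""
    return {m.group(1).lower() for m in HOST_RE.finditer(line)}


def match_c2(lines):
    """Return (1-based line number, host) for every line naming a C2 host.

    Subdomains of a C2 host are matched too, so a move to cdn.<c2 host>
    would still be caught; a C2 name used as a prefix of another domain
    (c2.shop.example) is not.
    """
    hits = []
    for n, line in enumerate(lines, start=1):
        for host in sorted(hosts_in_line(line)):
            if host in C2_HOSTS or any(host.endswith("." + c2) for c2 in C2_HOSTS):
                hits.append((n, host))
    return hits


def hash_is_sample(algorithm, digest):
    """Check a hash string from EDR/SIEM output against the sample's hashes."""
    expected = SAMPLE_HASHES.get(algorithm.lower())
    return expected is not None and digest.strip().lower() == expected


if __name__ == "__main__":
    for n, host in match_c2(SAMPLE_LOGS):
        print(f"line {n}: contact with Lumma C2 host {host}")
    print("sha256 matches sample:", hash_is_sample("sha256", SAMPLE_HASHES["sha256"].upper()))
```

Matching on hostnames rather than full URLs is deliberate: a proxy only sees the CONNECT host for HTTPS traffic, and the `/api` path never appears in DNS logs.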
Targets
Target: bittorrent_installer.exe (1.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Accesses cryptocurrency files/wallets, possible credential harvesting
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
Modifies Installed Components in the registry (Active Setup)
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Drops file in System32 directory
Suspicious use of SetThreadContext (commonly seen with process injection/hollowing)
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)
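The PowerShell Defender-exclusion signature, the Installed Components (Active Setup) signature and the ATT&CK entries for Run keys, Modify Registry and Install Root Certificate each map to a narrow host-telemetry rule. The following is an added example, not part of the sandbox report or of the sandbox tooling: the field names follow PowerShell 4104 (ScriptBlockText), Defender 5007 (Message) and Sysmon 13 (TargetObject) events, but every event, path, GUID and thumbprint below is a constructed placeholder.

```python
"""Host-telemetry rules for the behaviours this report attributes to the sample.

Added example, not part of the sandbox report. The rules mirror the report's
signatures and ATT&CK entries; the events are synthetic and only use the
field names of PowerShell 4104, Defender 5007 and Sysmon 13 events.
"""
import re

# (rule name, event id, field to inspect, pattern)
RULES = [
    # Signature "Command and Scripting Interpreter: PowerShell":
    # Add-/Set-MpPreference with any -Exclusion* parameter.
    ("defender_exclusion_via_powershell", 4104, "ScriptBlockText",
     re.compile(r"(?i)\b(Add|Set)-MpPreference\b.*-Exclusion(Path|Extension|Process)\b")),
    # The same change seen from Defender's side: 5007 records the new exclusion value.
    ("defender_exclusion_config_change", 5007, "Message",
     re.compile(r"(?i)\\Windows Defender\\Exclusions\\")),
    # ATT&CK "Registry Run Keys / Startup Folder".
    ("run_key_persistence", 13, "TargetObject",
     re.compile(r"(?i)\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\")),
    # Signature "Modifies Installed Components in the registry" (Active Setup StubPath).
    ("active_setup_persistence", 13, "TargetObject",
     re.compile(r"(?i)\\Microsoft\\Active Setup\\Installed Components\\.+\\StubPath$")),
    # ATT&CK "Install Root Certificate": a Blob value written under the machine
    # Root store, keyed by the certificate's SHA-1 thumbprint.
    ("root_certificate_installed", 13, "TargetObject",
     re.compile(r"(?i)\\SystemCertificates\\Root\\Certificates\\[0-9A-F]{40}\\Blob$")),
]

THUMBPRINT = "0123456789ABCDEF0123456789ABCDEF01234567"  # placeholder, 40 hex chars

# Constructed events. Index 0 and 6 are benign and must not fire.
SAMPLE_EVENTS = [
    {"event_id": 4104, "ScriptBlockText": "Get-MpPreference | Select-Object ExclusionPath"},
    {"event_id": 4104, "ScriptBlockText":
        "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' -ExclusionExtension '.exe' "
        "-ExclusionProcess 'svc.exe'"},
    {"event_id": 5007, "Message":
        "Windows Defender Antivirus Configuration has changed. New value: "
        "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\Users\\Public = 0x0"},
    {"event_id": 13, "TargetObject":
        "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\Public\\svc.exe"},
    {"event_id": 13, "TargetObject":
        "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\"
        "{00000000-0000-0000-0000-000000000001}\\StubPath",
     "Details": "C:\\Users\\Public\\svc.exe"},
    {"event_id": 13, "TargetObject":
        "HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\Root\\Certificates\\" + THUMBPRINT + "\\Blob",
     "Details": "Binary Data"},
    {"event_id": 13, "TargetObject":
        "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def run_rules(events, rules=RULES):
    """Return (event index, rule name) for every rule that matches an event."""
    hits = []
    for idx, ev in enumerate(events):
        for name, event_id, field, pattern in rules:
            if ev.get("event_id") == event_id and pattern.search(ev.get(field, "")):
                hits.append((idx, name))
    return hits


if __name__ == "__main__":
    for idx, name in run_rules(SAMPLE_EVENTS):
        print(f"event {idx}: {name}")
```

Sysmon only emits event 13 for keys its configuration includes, so the Run, Active Setup and SystemCertificates\Root paths need to be in the RegistryEvent include list for the last three rules to see anything; the 4104 rule needs script block logging enabled.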