General
Target: crypted.exe
Size: 519KB
Sample: 240526-2bbnaaec2z
MD5: 1b1c7e6e96667a6a758b22d444de57a7
SHA1: 3eafd122d0814ee5aeb35a9bce975805a8cf6744
SHA256: e03518acef8a2fecee311fac04e11943e8b219815f02224a4ae30d5ecccf0f90
SHA512: 2ed665526ec20b8c3d8a6854e25bcf44755e4bfd8f34b3770c3694e4b9cd8b2ad85d130830cb298aa18521f30038ef47e5d93225a5eb14039670f5ef626f91f7
SSDEEP: 12288:ar9mi27cWO4AEcI9cCHEAJtv9QXmuP16k:6mfemcCflO1
Static task: static1
Behavioral task: behavioral1
Sample: crypted.exe
Resource: win10-20240404-en
Malware Config
Extracted
lumma
Targets
Target: crypted.exe
Score: 10/10
- Sets file execution options in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext