General
-
Target
146c124f7f8b73ca14819cc71cb8c4d6115910d0c9a244505305da43a984db03
-
Size
1KB
-
Sample
240528-nqfc5ahc21
-
MD5
9502dc9350c13e66e15a4cfb2c1f3aca
-
SHA1
dc2242f7db20926823f21a998f04e18754385818
-
SHA256
146c124f7f8b73ca14819cc71cb8c4d6115910d0c9a244505305da43a984db03
-
SHA512
cf33bef35a2ace1ff96c3155677e90089f5cbd3564c046e843f1deda72fded3764144f30c7d09d18b3429451b5aa25fd875f28ae32df8a35978ba4e1e0a66922
Static task
static1
Behavioral task
behavioral1
Sample
146c124f7f8b73ca14819cc71cb8c4d6115910d0c9a244505305da43a984db03.lnk
Resource
win7-20240221-en
Malware Config
Extracted
https://matodown.b-cdn.net/matodown
Extracted
lumma
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-