General
-
Target
ezyzip.zip
-
Size
3.5MB
-
Sample
240704-wc1qxa1cjj
-
MD5
b9635b48a4b347bf279b3e6679d592c9
-
SHA1
c95ddab642f8357bedbade02476c8753ce577dff
-
SHA256
df4d859ead3eedc85f206be1822330eaf0cf9f65889f244be231e7de0446b7ad
-
SHA512
30a5b56c577476e986907a520e84de645e49e9b0baa4a3c5de32e53cced5df4fb31e3840320085c7c3dc9ce621d74d45273ca2b92b8458b09a1df079ffc7119f
-
SSDEEP
98304:h0jh4fmcGDu0g0AJQjcy54mmlL3jsz3jRd:qjkQy0r5jcyxMIz3jRd
Static task
static1
Behavioral task
behavioral1
Sample
ezyzip.zip
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
ezyzip.zip
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
github_installer.exe
Resource
win7-20240419-en
Malware Config
Extracted
lumma
https://stationacutwo.shop/api
Targets
-
-
Target
ezyzip.zip
-
Size
3.5MB
-
MD5
b9635b48a4b347bf279b3e6679d592c9
-
SHA1
c95ddab642f8357bedbade02476c8753ce577dff
-
SHA256
df4d859ead3eedc85f206be1822330eaf0cf9f65889f244be231e7de0446b7ad
-
SHA512
30a5b56c577476e986907a520e84de645e49e9b0baa4a3c5de32e53cced5df4fb31e3840320085c7c3dc9ce621d74d45273ca2b92b8458b09a1df079ffc7119f
-
SSDEEP
98304:h0jh4fmcGDu0g0AJQjcy54mmlL3jsz3jRd:qjkQy0r5jcyxMIz3jRd
Score1/10 -
-
-
Target
github_installer.exe
-
Size
127.5MB
-
MD5
b632cf3c5bb16abf2045630f5ef5863d
-
SHA1
9cc11f5ea081b9f05014725460146c5e15b16195
-
SHA256
87dd6cb04b85a8238640b1e527ef18b2e1577bc1d75c4c4d91f15e18d186e9fb
-
SHA512
6bce013a52bda1cf1f5a95c1d0b05443f892069758065c0f6760a005046d1a76b6ba10c452ec991bf08a20c138967626d175e21c9a4da7815fd7956a2a5fad58
-
SSDEEP
12288:3U7KDE27/KjEWQ3TNX/urrGAQWlcAy/Mc21DkGmFyqDttJtJJ9g/Yq6FkCssSL4k:E7KI2JT1urrOs/
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-