General
- Target: creaminstaller.exe
- Size: 517KB
- Sample: 240705-p35dfsydlr
- MD5: ff6ebaba7de1e99d37206afc9f9281e7
- SHA1: c1f7bfb48bc6ff019ae697a9a724e821cb0b2624
- SHA256: 0d58b7e445ac81c5000f1fc82566974158440aeabd57b2b16080659386ea64f8
- SHA512: 22dd0ef1411ce92347f0fc055b2f869d33d7f058622228cbca5833b55ce7a3bcf5b3c25ad9cbbe859cb634a0e5bd5c884fc1e96f0f17cad55c2372109094141f
- SSDEEP: 12288:KYAHs+2jwV5HLhhzAEeSZ3U7gOsIqvjM8gUnRfYpr0JP/trch:KYpVjUrfAEeSK71sJM8DBzc
Static task: static1
Behavioral task: behavioral1
- Sample: creaminstaller.exe
- Resource: win7-20240705-en
Malware Config
- Extracted: lumma
- https://bitchsafettyudjwu.shop/api
Targets
- Target: creaminstaller.exe
- Size: 517KB
- MD5: ff6ebaba7de1e99d37206afc9f9281e7
- SHA1: c1f7bfb48bc6ff019ae697a9a724e821cb0b2624
- SHA256: 0d58b7e445ac81c5000f1fc82566974158440aeabd57b2b16080659386ea64f8
- SHA512: 22dd0ef1411ce92347f0fc055b2f869d33d7f058622228cbca5833b55ce7a3bcf5b3c25ad9cbbe859cb634a0e5bd5c884fc1e96f0f17cad55c2372109094141f
- SSDEEP: 12288:KYAHs+2jwV5HLhhzAEeSZ3U7gOsIqvjM8gUnRfYpr0JP/trch:KYpVjUrfAEeSK71sJM8DBzc
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext