Analysis
max time kernel: 133s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-07-2024 12:53
Static task: static1
General
Target: wsltty-3.7.0.2-i686-install.exe
Size: 2.7MB
MD5: ccf9e0111109fd964a343904a1747041
SHA1: cebc930117814de13b0543e7190a1f5b9bf51dcd
SHA256: aba457d49c99294c895f8df69714801019ad69a4931f04c7a5a9c50f0ab122a7
SHA512: c2e79ed166eef00afea3371f1b6c03d98669ec7bf05c967fc20fd067be07ed6fbafee23c1f2da3743a6627aa99e8c6537e824a6fdce27d05c5f95279dc930564
SSDEEP: 49152:f99R4yDjdEns7UmYmw+j98a7TnDEJWnc3AOBwXGwcg6p8baXzGXi:1HHEns7Um9duWDEtQcwW9gDG6S
Note: the filename follows the naming of the open-source wsltty installer releases. Given the Lumma configuration extracted from it, treat this as a file masquerading as that installer, not as the project's release, and compare the hashes above against those published by the project before concluding otherwise.
Malware Config
Extracted
Family: lumma
C2: https://assignmentygassdyw.shop/api
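The extracted C2 URL and the sample SHA256 are the two indicators a responder would sweep for first. The following Python is an added example, not part of the sandbox report or of any vendor tool: it matches the C2 host (and its subdomains, compared on label boundaries rather than by substring, so look-alike hosts are not flagged) against proxy log lines, and the sample SHA256 against file-event lines. The two log formats, their field layout and every log line are constructed assumptions for this illustration.

```python
"""IOC sweep for the extracted Lumma configuration.

Added example, not part of the sandbox report or of any vendor tooling: it
takes the C2 URL and the sample SHA256 printed in the report and sweeps log
lines for them. The two log formats, the field layout and every log line are
constructed for this illustration.
"""
from urllib.parse import urlsplit

# Indicators copied from the report.
LUMMA_C2_URL = "https://assignmentygassdyw.shop/api"
SAMPLE_SHA256 = "aba457d49c99294c895f8df69714801019ad69a4931f04c7a5a9c50f0ab122a7"

# Constructed proxy log: "<timestamp> <client-ip> <method> <url> <status>".
PROXY_LOG = """\
2024-07-05T12:55:01Z 10.0.0.23 POST https://assignmentygassdyw.shop/api 200
2024-07-05T12:55:02Z 10.0.0.23 GET https://update.example.net/check 200
2024-07-05T12:55:07Z 10.0.0.41 POST https://ASSIGNMENTYGASSDYW.SHOP/api 200
2024-07-05T12:55:08Z 10.0.0.41 GET https://cdn.assignmentygassdyw.shop/x 200
2024-07-05T12:55:09Z 10.0.0.52 GET https://assignmentygassdyw.shop.example.com/ 200
""".splitlines()

# Constructed EDR file events: "<timestamp> <host> <sha256> <path>".
FILE_EVENTS = """\
2024-07-05T12:54:40Z WS-023 aba457d49c99294c895f8df69714801019ad69a4931f04c7a5a9c50f0ab122a7 C:\\Users\\Admin\\Downloads\\wsltty-3.7.0.2-i686-install.exe
2024-07-05T12:54:41Z WS-041 0000000000000000000000000000000000000000000000000000000000000000 C:\\Users\\Admin\\Downloads\\setup.exe
""".splitlines()


def c2_host(url):
    """Host from the config URL, lower-cased for comparison."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("config URL has no host: %r" % url)
    return host.lower()


def host_matches(host, ioc):
    """True for the IOC host itself or any subdomain of it. A plain substring
    test would also flag look-alikes such as <ioc>.example.com, so the
    comparison is anchored on label boundaries."""
    host = host.lower()
    return host == ioc or host.endswith("." + ioc)


def proxy_hits(lines, ioc):
    """(client-ip, url) for every request whose host matches the C2 host."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than guess at them
        host = urlsplit(fields[3]).hostname
        if host and host_matches(host, ioc):
            hits.append((fields[1], fields[3]))
    return hits


def file_hits(lines, sha256):
    """(host, path) for every file event carrying the sample's SHA256."""
    want = sha256.lower()
    hits = []
    for line in lines:
        fields = line.split(maxsplit=3)
        if len(fields) == 4 and fields[2].lower() == want:
            hits.append((fields[1], fields[3]))
    return hits


if __name__ == "__main__":
    ioc = c2_host(LUMMA_C2_URL)
    for client, url in proxy_hits(PROXY_LOG, ioc):
        print("C2 contact:", client, url)
    for host, path in file_hits(FILE_EVENTS, SAMPLE_SHA256):
        print("sample on disk:", host, path)
```

Run against real logs, the host comparison is the part worth keeping: hashes change per build, but the C2 domain and its subdomains are what the config actually ties the sample to, and matching them as whole labels avoids both missed subdomains and false hits on unrelated domains that merely contain the string.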
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes: PID 388 wsltty-3.7.0.2-i686-install.exe (listed 6 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\wsltty-3.7.0.2-i686-install.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\wsltty-3.7.0.2-i686-install.exe"
  PID: 388
  Suspicious behavior: EnumeratesProcesses
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4100,i,18261153038209191383,10347744459236715365,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:8
  PID: 1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=3020,i,18261153038209191383,10347744459236715365,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:3
  PID: 2824
Both msedge.exe entries are Chromium utility processes (asset store service and network service); the report shows no parent for them and attaches no signatures to them.
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 40B
  MD5: 20d4b8fa017a12a108c87f540836e250
  SHA1: 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
  SHA256: 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
  SHA512: 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
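Before anything in this report is acted on, the file in hand should be tied to it by recomputing the digests the report lists, both for the target in the General section and for the dropped files above. The following Python is an added example, not code from the report or any vendor tool: it recomputes MD5, SHA1, SHA256 and SHA512 over bytes (in memory or streamed from disk) and compares them per algorithm. The constructed input is the two-byte JSON text "[]"; a 2-byte file with MD5 d751713988987e9331980363e24189ce is that text, so the 2B Downloads entry above is used as the reference values. The function names and the streaming chunk size are choices made for this example.

```python
"""Recomputing a report's digests over local content.

Added example, not part of the sandbox report. It recomputes the four digests
the report lists (MD5, SHA1, SHA256, SHA512) and compares them per algorithm,
so a file on disk can be tied to the report before it is handled further.
The constructed input is the 2-byte JSON text "[]": a two-byte file with
MD5 d751713988987e9331980363e24189ce is that text, so the 2B Downloads entry
serves as the reference values.
"""
import hashlib
import hmac

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the 2B entry of the Downloads section.
REPORT_2B_ENTRY = {
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
}

CONSTRUCTED_2B_FILE = b"[]"  # constructed input matching the 2B entry


def _new_hashers():
    # hashlib.new("md5") raises ValueError on FIPS-only builds; MD5 is kept
    # here only because the report lists it, not as an integrity primitive.
    return {name: hashlib.new(name) for name in ALGORITHMS}


def digests(data):
    """Hex digests of in-memory bytes under all four algorithms."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path, chunk_size=1 << 20):
    """Same as digests() but streamed, so multi-MB samples are not read whole."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(actual, expected):
    """Per-algorithm match of computed digests against the report's values.
    Comparison is case-insensitive. Returns {algorithm: bool}; a single
    False means the bytes are not the bytes the report describes."""
    return {
        name: hmac.compare_digest(actual[name].lower(), expected[name].lower())
        for name in expected
    }


def matches_report(actual, expected):
    """True only when every listed digest agrees."""
    return all(verify(actual, expected).values())


if __name__ == "__main__":
    print(verify(digests(CONSTRUCTED_2B_FILE), REPORT_2B_ENTRY))
```

To check the target itself, call digests_of_file() on the local copy and pass the MD5/SHA1/SHA256/SHA512 values from the General section as the expected dictionary; any single mismatch means the local file is not the sample this report describes, whatever its filename says.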