General
Target: (not recorded)
Size: 167.6MB
Sample: 240705-tl4statenh
MD5: 2c81db0cc381a3ed7ba632d3e6aaad83
SHA1: 0311c3f2acb408b3109808f8b4ea8e10b4966f20
SHA256: 7da7d152162fd0a796b93b2f28715c50b577ac71a1107b668dc6b2834a5602ba
SHA512: 80b6ea16046a76e5e60326fd45aa189da36bd6d9bdc86e4422f4e6bad131451cbae0b9ddbb4ed41d55f6f22c4d124fef068f9bf812662281890c4b9f8ac7c0b8
SSDEEP: 3145728:dbuy3ZlXH+xG7ncZnsbXvL8DDC2EhXXYKH1DBAjWAWNAPn0nKzl:dntH+QTcZnqfADu2wXYKVDBNAWNAP0E
Static task: static1
Behavioral task behavioral3: sample Settings.ini, resource win10-20240404-en
Behavioral task behavioral4: sample d3d9xx.dll, resource win10-20240404-en
Behavioral task behavioral5: sample libcef.dll, resource win10-20240611-en
Behavioral task behavioral6: sample licension.dll, resource win10-20240404-en
Behavioral task behavioral7: sample "open me - 1212.txt", resource win10-20240404-en
Malware Config
Extracted family: lumma
C2 URL: https://bouncedgowp.shop/api
Targets

Target: (not recorded; same file as in General above)
Size: 167.6MB
MD5: 2c81db0cc381a3ed7ba632d3e6aaad83
SHA1: 0311c3f2acb408b3109808f8b4ea8e10b4966f20
SHA256: 7da7d152162fd0a796b93b2f28715c50b577ac71a1107b668dc6b2834a5602ba
SHA512: 80b6ea16046a76e5e60326fd45aa189da36bd6d9bdc86e4422f4e6bad131451cbae0b9ddbb4ed41d55f6f22c4d124fef068f9bf812662281890c4b9f8ac7c0b8
SSDEEP: 3145728:dbuy3ZlXH+xG7ncZnsbXvL8DDC2EhXXYKH1DBAjWAWNAPn0nKzl:dntH+QTcZnqfADu2wXYKVDBNAWNAP0E
Score: 3/10

Target: (not recorded)
Size: 110.8MB
MD5: d0df0647d2681b9d311c11078ccf5812
SHA1: 6d2fb23200b7aa0b6ee64a44c40cb22974f6744e
SHA256: f8f22ed85c5e62f8c18d55f794d9c9ff8e864fd9f30c35e2b97bff1917afee1d
SHA512: 5d4d20dec45570680214212e2937b504ee0fcc1413dec076a85f94a0709d4e91691b75967f688a5bbc7afe9d2fe90175765c6c5fabae69d14de3f56fed466fb0
SSDEEP: 98304:f2OktbpMKV13qLdT/RJywAFh20HEKG4EURcQ4i9:BC1aLdLRJyw220kKdj9
Signatures:
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Suspicious use of SetThreadContext
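The COM-hijacking signature above names the mechanism but not how to find such an entry on a host. The hunting script below is an added example written for this page; it is not code from the sandbox, from the report, or from the sample. COM activation looks in HKCU\Software\Classes\CLSID before HKLM\Software\Classes\CLSID, so an InprocServer32 value planted under HKCU shadows the machine-wide server for that CLSID without needing admin rights; reading the merged HKEY_CLASSES_ROOT view hides that override, so the script reads the two hives separately and diffs them. The GUIDs, paths and function names (find_com_hijacks, read_clsid_servers, USER_WRITABLE_MARKERS) are constructed for illustration.

```python
"""Diff per-user against machine-wide COM InprocServer32 registrations.

Severity model used here (an assumption for this example, not a sandbox rule):
  high   - HKCU server differs from the HKLM server for the same CLSID
           (HKCU wins, so the system object has been shadowed)
  medium - CLSID exists only in HKCU and its server sits in a user-writable
           path; per-user application installs also land here, so triage it
  low    - CLSID exists only in HKCU, server outside user-writable paths
"""
import sys

# Path fragments a system COM server should never live under.
USER_WRITABLE_MARKERS = (
    "\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\",
)

# Constructed sample snapshots (illustrative GUIDs and paths, not values from
# the report): CLSID -> default value of its InprocServer32 subkey.
SAMPLE_HKLM = {
    "{11111111-1111-1111-1111-111111111111}": r"C:\Windows\System32\shell32.dll",
    "{22222222-2222-2222-2222-222222222222}": r"C:\Windows\System32\actxprxy.dll",
}
SAMPLE_HKCU = {
    # Same CLSID as an HKLM entry but pointing at a user-writable DLL: the hijack.
    "{11111111-1111-1111-1111-111111111111}": r"C:\Users\victim\AppData\Roaming\Updater\evil.dll",
    # Identical to HKLM: a benign per-user re-registration, must not be flagged.
    "{22222222-2222-2222-2222-222222222222}": r"C:\Windows\System32\actxprxy.dll",
    # CLSID that exists only in HKCU, served from a temp directory.
    "{33333333-3333-3333-3333-333333333333}": r"C:\Users\victim\AppData\Local\Temp\loader.dll",
}


def find_com_hijacks(hkcu, hklm):
    """Return findings for HKCU InprocServer32 entries that look hijacked."""
    findings = []
    for clsid, server in hkcu.items():
        lowered = server.lower()
        user_writable = any(m in lowered for m in USER_WRITABLE_MARKERS)
        if clsid in hklm:
            if hklm[clsid].lower() == lowered:
                continue  # exact re-registration of the system server
            findings.append({"clsid": clsid, "server": server, "severity": "high",
                             "reason": "shadows HKLM server %s" % hklm[clsid]})
        elif user_writable:
            findings.append({"clsid": clsid, "server": server, "severity": "medium",
                             "reason": "HKCU-only CLSID served from a user-writable path"})
        else:
            findings.append({"clsid": clsid, "server": server, "severity": "low",
                             "reason": "HKCU-only CLSID (per-user install or phantom object)"})
    return findings


def read_clsid_servers(hive_name):
    """Live collector for Windows: map CLSID -> InprocServer32 default value.

    hive_name is "HKCU" or "HKLM". Only the native view is read; on 64-bit
    systems also check Software\\Classes\\WOW6432Node\\CLSID for 32-bit hosts.
    """
    import winreg  # Windows-only; imported lazily so the analysis runs anywhere
    hive = winreg.HKEY_CURRENT_USER if hive_name == "HKCU" else winreg.HKEY_LOCAL_MACHINE
    servers = {}
    with winreg.OpenKey(hive, r"Software\Classes\CLSID") as root:
        index = 0
        while True:
            try:
                clsid = winreg.EnumKey(root, index)
            except OSError:
                break  # no more subkeys
            index += 1
            try:
                with winreg.OpenKey(root, clsid + r"\InprocServer32") as key:
                    servers[clsid] = str(winreg.QueryValueEx(key, "")[0])
            except OSError:
                continue  # CLSID without an in-process server
    return servers


if __name__ == "__main__":
    if sys.platform == "win32":
        hkcu, hklm = read_clsid_servers("HKCU"), read_clsid_servers("HKLM")
    else:
        hkcu, hklm = SAMPLE_HKCU, SAMPLE_HKLM  # offline demo on the constructed data
    for f in find_com_hijacks(hkcu, hklm):
        print("[%s] %s -> %s (%s)" % (f["severity"], f["clsid"], f["server"], f["reason"]))
```

On a real host, expect a long "low"/"medium" tail from per-user installs; the "high" class (an HKCU entry that changes the server of a CLSID HKLM already defines) is the one worth alerting on, and the DLL it points at is what to pull for analysis.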
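The "Power Settings" signature above describes what powercfg abuse achieves (the host never sleeps, locks or hibernates) but not what it looks like in telemetry. The detection below is an added example for this page, not code from the sandbox or the sample: it runs over constructed process-creation events of the kind Sysmon event 1 or Security event 4688 would record, and flags the powercfg switch patterns that zero a timeout or disable hibernation. The sample events, the severity labels and the function names (classify_powercfg, scan_events) are assumptions made for the example.

```python
"""Flag powercfg invocations that keep an infected host awake and unlocked.

powercfg accepts both "/" and "-" as the switch prefix, /x is an alias of
/change, and /h is an alias of /hibernate, so the patterns accept both forms.
Severity labels are an assumption of this example, not a sandbox score.
"""
import re

TIMEOUT_ZERO = re.compile(r"-(standby|monitor|hibernate|disk)-timeout-(ac|dc)\s+0\b")
CHANGE_SWITCH = re.compile(r"[/-](x|change)\b")
HIBERNATE_OFF = re.compile(r"[/-](h|hibernate)\s+off\b")
VALUE_INDEX = re.compile(r"[/-]set(ac|dc)valueindex\b")

# Constructed sample events (not from the report): (parent image, command line).
SAMPLE_EVENTS = [
    ("C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe", "powercfg /x -standby-timeout-ac 0"),
    ("C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe", "powercfg.exe /change -monitor-timeout-dc 0"),
    ("C:\\Windows\\System32\\cmd.exe", 'cmd.exe /c "powercfg -h off"'),
    ("C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "powercfg /list"),
    ("C:\\Windows\\explorer.exe", "powercfg /setactive SCHEME_BALANCED"),
]


def classify_powercfg(cmdline):
    """Return (severity, reason) for a suspicious powercfg command line, else None."""
    lowered = cmdline.lower()
    if "powercfg" not in lowered:
        return None
    if CHANGE_SWITCH.search(lowered) and TIMEOUT_ZERO.search(lowered):
        return ("high", "sets a sleep/display/hibernate/disk timeout to 0")
    if HIBERNATE_OFF.search(lowered):
        return ("medium", "disables hibernation")
    if VALUE_INDEX.search(lowered):
        return ("medium", "rewrites a power-scheme value index directly")
    return None  # /list, /query, /setactive and similar are routine admin usage


def scan_events(events):
    """Run classify_powercfg over (parent, cmdline) pairs; return hits in order."""
    hits = []
    for parent, cmdline in events:
        verdict = classify_powercfg(cmdline)
        if verdict:
            hits.append({"parent": parent, "cmdline": cmdline,
                         "severity": verdict[0], "reason": verdict[1]})
    return hits


if __name__ == "__main__":
    for h in scan_events(SAMPLE_EVENTS):
        print("[%s] %s <- %s (%s)" % (h["severity"], h["cmdline"], h["parent"], h["reason"]))
```

The parent image is carried through because it is the best tuning knob: the same `powercfg /x -standby-timeout-ac 0` line is routine from a deployment tool under SYSTEM and highly suspicious from an executable in a user's Temp directory.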

Target: Settings.ini
Size: 7B
MD5: 7a1920d61156abc05a60135aefe8bc67
SHA1: 808d7dca8a74d84af27a2d6602c3d786de45fe1e
SHA256: 21b111cbfe6e8fca2d181c43f53ad548b22e38aca955b9824706a504b0a07a2d
SHA512: 94abfc7b11f4311e8e279b580907fefc1118690479fb7e13f0c22ade816bc2b63346498833b0241eec2b09e15172e13027dc85024bacb7bc40c150f4131f7292
Score: 1/10

Target: d3d9xx.dll
Size: 49KB
MD5: d7cce8c8e0aec9d35c0ebed3a96341bb
SHA1: c3d4d543fddfc20b2e63a0dc48691ec1a605bb1a
SHA256: 50765305e75a955fc54b15262abed6488c8a1ba1677798fb50c6feff3e328cbc
SHA512: 1d6990cb306b1157cddc149ce80c0434bf26ba1658e01303eb909af246c960c8831a909560f6b415182f36a895be3bf219107ff99647d9b969f4b1a4e9c72356
SSDEEP: 768:ZPLzii/Pe3CJL9h0YsQ/9BvJg+udwkGYLKrPCKWhVRDg3XoFfmk7UwDCpsZQj:ZPLGj0xpJgFdwkKrPCZhH8Wh7UwDjZg
Score: 1/10

Target: libcef.dll
Size: 19.4MB
MD5: 60be2cec0d95bb135d4452f39aac6805
SHA1: e2de1c24e924d16d66d7d128bc63213f04500d9a
SHA256: 391b7e66004d7845f5caa7d70f106dac7d0b49538954c55601ed7b5985c3d699
SHA512: d50579fe0176477da1c78aeeafb1c9fdaa8905646d9fd32edd4bd2ccdd0591b97721d9cef4a546fcc6816a0ab56f9c2c6c31ccdfc19e7ad998a6ebddb6a3921d
SSDEEP: 393216:fd4hk/HQezExvwV4mRmT3E70OQSf8j263wrUGu2SfYpfPvZTU:fd46/HQJxvJmP70OQGupwrM2S8U
Score: 1/10

Target: licension.dll
Size: 37.4MB
MD5: d259e05a1a5962201a50bd6a71be440f
SHA1: 8fd79622e56b735a7092e271d391bb310c170318
SHA256: 2c1624e5269cfd37321f4fa2a11b5af00bdf354a4d51347ab53d2010f245064f
SHA512: 2602ecb6c2e64098b3ed109e02e04bc61039c5ac519982c56fdc1e8eefec901bf1b9c2f03cc578ba281519a53400543b0984f141d54c926c8a5d3595019c072c
SSDEEP: 393216:kTHIb6yxZMP4Fsb0Lfi4KgTYaoC2dQn8bNJPv3M/X273Jaj6xGEH:9MPVOQ6v275a+xB
Score: 1/10

Target: open me - 1212.txt
Size: 276B
MD5: 769336e97bb4ce5e1af1d04bff97610a
SHA1: 0b0e7ae2d7e8abd2f6b40039fb88ac857de641a9
SHA256: 952605005850dce5b64862e07b3ccbfa73abbd688ab642fa21b19601a1938d32
SHA512: 12f6c30de589d22cd39e306c484b61bc3a802c940bee84315633a095a1931cc2c3c3d22771c497c3f45107866d6e6f276bbc5851d12378839caa1428b4820265
Score: 1/10
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)
  Power Settings (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)