General
Target: dlllist.txt
Size: 35B
Sample: 240705-trnzjstfmd
MD5: ff98c62757cb7c9f5dbedcd67d3781f6
SHA1: 82076991ee9a824bcf9969b416fcc163d02a6160
SHA256: 662dd415e2796635702c49586fb99ae62a3c6f595976d6923ec8a4e7c23fa8fe
SHA512: 42973bbb4feb375354684c0356c45bfa7f0bf63056906244c2c0ac89720326cfa41c9aa51e2522d1d9da66c019ccf3dba570a732007e8b3306e66920faaae791
Static task: static1
Behavioral task: behavioral1
Sample: dlllist.txt
Resource: win10-20240404-en
Malware Config
Extracted: lumma
https://bouncedgowp.shop/api
Targets
Target: dlllist.txt
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)
  Power Settings (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Event Triggered Execution (1)
    Component Object Model Hijacking (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)