General
Target: https://download2264.mediafire.com/wz37pq9ajpigjN8GSaquW2qAwfMYu2R5lRCrj7NfsRyqjtgz9nTrgA0_xCzFEhOfdxQDzLL0ku23cp2nWy6wgZD9DOJ2QGjV5lK-rmhq0HdgfVyHOKr0Ti3QytnAW4anPF3Odu2s1LadWQJ70g27OB_YEm0d9m1NeAVF1tDf_CmzKNo/qqzn0ppo5v8fy0w/ROBLOX+EXECUTOR.zip
Sample: 240705-ylpq4sxala

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://download2264.mediafire.com/wz37pq9ajpigjN8GSaquW2qAwfMYu2R5lRCrj7NfsRyqjtgz9nTrgA0_xCzFEhOfdxQDzLL0ku23cp2nWy6wgZD9DOJ2QGjV5lK-rmhq0HdgfVyHOKr0Ti3QytnAW4anPF3Odu2s1LadWQJ70g27OB_YEm0d9m1NeAVF1tDf_CmzKNo/qqzn0ppo5v8fy0w/ROBLOX+EXECUTOR.zip
Resource: win10v2004-20240704-en
Malware Config
Extracted: lumma
https://bitchsafettyudjwu.shop/api
Targets
Target: https://download2264.mediafire.com/wz37pq9ajpigjN8GSaquW2qAwfMYu2R5lRCrj7NfsRyqjtgz9nTrgA0_xCzFEhOfdxQDzLL0ku23cp2nWy6wgZD9DOJ2QGjV5lK-rmhq0HdgfVyHOKr0Ti3QytnAW4anPF3Odu2s1LadWQJ70g27OB_YEm0d9m1NeAVF1tDf_CmzKNo/qqzn0ppo5v8fy0w/ROBLOX+EXECUTOR.zip
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext