General
-
Target
infected.zip
-
Size
4.0MB
-
Sample
240705-yx2j2sxcmb
-
MD5
101a3061619bdb9e71bb91fa32eefb9b
-
SHA1
41b3a2605900d72ed4221a4c2c8e79bd3c6aa5d6
-
SHA256
78921f75ee30f950b9cfa43a79f92edc2589cc0e813f22ebdb4993ab5b4926ac
-
SHA512
6198e59f69502ca9e9cd65d90270907e932c46db51c125cc0c23d1ba7702e03a4c9f0d42822648e2a5d49d8d676447d9d3ec125b7b4f29790dde4b8f940c1bec
-
SSDEEP
98304:g6aZ3ofc1iwhDYibIQ4QvIHQvgfcuJQF4sZvjtAoIyuUu5rayqWeoB7/:g6u3ec1iwhDcQ4Qr+AtZuUWraysGr
Static task
static1
Behavioral task
behavioral1
Sample
infected.zip
Resource
win10v2004-20240704-en
Behavioral task
behavioral2
Sample
infected.zip
Resource
win11-20240704-en
Malware Config
Extracted
lumma
https://unwielldyzpwo.shop/api
Targets
-
-
Target
infected.zip
-
Size
4.0MB
-
MD5
101a3061619bdb9e71bb91fa32eefb9b
-
SHA1
41b3a2605900d72ed4221a4c2c8e79bd3c6aa5d6
-
SHA256
78921f75ee30f950b9cfa43a79f92edc2589cc0e813f22ebdb4993ab5b4926ac
-
SHA512
6198e59f69502ca9e9cd65d90270907e932c46db51c125cc0c23d1ba7702e03a4c9f0d42822648e2a5d49d8d676447d9d3ec125b7b4f29790dde4b8f940c1bec
-
SSDEEP
98304:g6aZ3ofc1iwhDYibIQ4QvIHQvgfcuJQF4sZvjtAoIyuUu5rayqWeoB7/:g6u3ec1iwhDcQ4Qr+AtZuUWraysGr
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-