General

Target: Exploit-Injector.exe
Size: 520KB
Sample: 240706-vd7eeawanl
MD5: e33e20692925c5e5750ee568c620c2f6
SHA1: 1dfe2a0b5889d9265032688c415abaf250799e0c
SHA256: cfa7563cdcd5e5bb1dab0adbd99c6c485fb980733eecf5138eee937205cd3d6d
SHA512: b034cd073d45c07e19a04c1f979a3d4f9cff2f9e3b6e55ebe3bbda0aa0937719ce99a7586fa4a2c7a954e3c6cf89115596d059317b489b17fd14804e607915f1
SSDEEP: 12288:m1JA1iVEq5ppEZSBTJAuuC0KFhEhhdkNav2DQhy:m1eoVT7EMXJM6M

Static task: static1

Malware Config

Extracted family: lumma
C2: https://bouncedgowp.shop/api
Targets

Target: Exploit-Injector.exe (same file as above; hashes as listed under General)
Signatures

- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext