General

Target: ClientAppSettings.json
Size: 3KB
Sample: 240706-whcahaxflq
MD5: 7a3ddecfa7f54d37a3a682ff672ddc5b
SHA1: 336e6ec98ec7ede6fecf0ca57009ed300ba5b187
SHA256: d58416aa991d70de03d3d80c8ea1290107222cfa1d4d1714047f878b559d3c11
SHA512: 34f84b828576d2dc5f805c4939deb9e7436eb2d75154d7f1f6e2707b9cb07551e376a2b295ffdc97d37ce3e65b8331a1f919c3817efb742634f929b1cc1f4f57
Static task: static1

Malware Config

Extracted credentials
Protocol: ftp
Host: 194.28.224.2
Port: 21
Username: anonymous
Password: anonymous@

Extracted family
Family: lumma
C2: https://bannngwko.shop/api
Targets

Target: ClientAppSettings.json
Signatures
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext