Overview (score 10)

Tasks (sample names truncated as shown in the report; they appear in the same order as the behavioral tasks listed below; the score column is the badge shown next to each task):

Task                    Platform             Score
Static                  static               3
Loadkeqwke...ek.exe     windows7-x64         8
Loadkeqwke...ek.exe     windows10-2004-x64   10
⌚/1.exe                 windows7-x64         (none shown)
⌚/1.exe                 windows10-2004-x64   (none shown)
Source/QtG...re.dll     windows7-x64         1
Source/QtG...re.dll     windows10-2004-x64   1
Source/QtG...lur.js     windows7-x64         3
Source/QtG...lur.js     windows10-2004-x64   3
Source/QtQ...yle.js     windows7-x64         3
Source/QtQ...yle.js     windows10-2004-x64   3
Source/QtQ...yle.js     windows7-x64         3
Source/QtQ...yle.js     windows10-2004-x64   3
Source/QtQ...yle.js     windows7-x64         3
Source/QtQ...yle.js     windows10-2004-x64   3
Source/QtQ...yle.js     windows7-x64         3
Source/QtQ...yle.js     windows10-2004-x64   3
Source/QtQ...yle.js     windows7-x64         3
Source/QtQ...yle.js     windows10-2004-x64   3
Source/QtQ...yle.js     windows7-x64         3
Source/QtQ...yle.js     windows10-2004-x64   3
Source/QtQ...yle.js     windows7-x64         3
Source/QtQ...yle.js     windows10-2004-x64   3
Source/QtQ...in.dll     windows7-x64         1
Source/QtQ...in.dll     windows10-2004-x64   1
Source/QtQ...iew.js     windows7-x64         3
Source/QtQ...iew.js     windows10-2004-x64   3
Source/QtQ...iew.js     windows7-x64         3
Source/QtQ...iew.js     windows10-2004-x64   3
Source/QtQ...umn.js     windows7-x64         3
Source/QtQ...umn.js     windows10-2004-x64   3
Source/QtQ...rea.js     windows7-x64         3
Source/QtQ...rea.js     windows10-2004-x64   3

General
- Target: UnivMenu_1.16.rar
- Size: 115.1MB
- Sample: 240707-b556wazfqq
- MD5: e18e891bc459792ada555c13acb8d8f8
- SHA1: d39f96bb28ced2844121f1dff6060b4e9fbad880
- SHA256: 042516c72c68775956303f32c9e3261edfd07762ec2b926880f3559609c6af06
- SHA512: 92d654c278a8cb036a6f80c7512f30669d06bfa3d00d61c8c9d3438dd5c5aff21e0a283b45e300717225c70260232ac956a23fb675b6f2c54c32436fa7984968
- SSDEEP: 3145728:6PddPW7uvf/uL55aUXzHv1lzfn0gPW7uvf/uL55aUXzHv1lzfnh/P1H:mddPbYHXzHPDn0gPbYHXzHPDnhJ
Static task: static1

Behavioral tasks (task: sample, resource image):
- behavioral1: Loadkeqwkedkqwekqwek.exe (win7-20240704-en)
- behavioral2: Loadkeqwkedkqwekqwek.exe (win10v2004-20240704-en)
- behavioral3: ⌚/1.exe (win7-20240220-en)
- behavioral4: ⌚/1.exe (win10v2004-20240704-en)
- behavioral5: Source/QtGraphicalEffects/Qt5WebEngineCore.dll (win7-20240705-en)
- behavioral6: Source/QtGraphicalEffects/Qt5WebEngineCore.dll (win10v2004-20240704-en)
- behavioral7: Source/QtGraphicalEffects/RadialBlur.js (win7-20240705-en)
- behavioral8: Source/QtGraphicalEffects/RadialBlur.js (win10v2004-20240704-en)
- behavioral9: Source/QtQuick/Controls/Styles/Base/StatusIndicatorStyle.js (win7-20240220-en)
- behavioral10: Source/QtQuick/Controls/Styles/Base/StatusIndicatorStyle.js (win10v2004-20240704-en)
- behavioral11: Source/QtQuick/Controls/Styles/Base/ToggleButtonStyle.js (win7-20240705-en)
- behavioral12: Source/QtQuick/Controls/Styles/Base/ToggleButtonStyle.js (win10v2004-20240704-en)
- behavioral13: Source/QtQuick/Controls/Styles/Base/TumblerStyle.js (win7-20240705-en)
- behavioral14: Source/QtQuick/Controls/Styles/Base/TumblerStyle.js (win10v2004-20240704-en)
- behavioral15: Source/QtQuick/Controls/Styles/Desktop/GroupBoxStyle.js (win7-20240220-en)
- behavioral16: Source/QtQuick/Controls/Styles/Desktop/GroupBoxStyle.js (win10v2004-20240704-en)
- behavioral17: Source/QtQuick/Controls/Styles/Desktop/MenuStyle.js (win7-20240221-en)
- behavioral18: Source/QtQuick/Controls/Styles/Desktop/MenuStyle.js (win10v2004-20240704-en)
- behavioral19: Source/QtQuick/Controls/Styles/Desktop/SpinBoxStyle.js (win7-20240705-en)
- behavioral20: Source/QtQuick/Controls/Styles/Desktop/SpinBoxStyle.js (win10v2004-20240508-en)
- behavioral21: Source/QtQuick/Controls/Styles/Desktop/TreeViewStyle.js (win7-20240705-en)
- behavioral22: Source/QtQuick/Controls/Styles/Desktop/TreeViewStyle.js (win10v2004-20240704-en)
- behavioral23: Source/QtQuick/Controls/Styles/Flat/qtquickextrasflatplugin.dll (win7-20240220-en)
- behavioral24: Source/QtQuick/Controls/Styles/Flat/qtquickextrasflatplugin.dll (win10v2004-20240704-en)
- behavioral25: Source/QtQuick/Controls/TabView.js (win7-20240704-en)
- behavioral26: Source/QtQuick/Controls/TabView.js (win10v2004-20240704-en)
- behavioral27: Source/QtQuick/Controls/TableView.js (win7-20240705-en)
- behavioral28: Source/QtQuick/Controls/TableView.js (win10v2004-20240704-en)
- behavioral29: Source/QtQuick/Controls/TableViewColumn.js (win7-20240705-en)
- behavioral30: Source/QtQuick/Controls/TableViewColumn.js (win10v2004-20240704-en)
- behavioral31: Source/QtQuick/Controls/TextArea.js (win7-20240704-en)
- behavioral32: Source/QtQuick/Controls/TextArea.js (win10v2004-20240704-en)
Malware Config
Extracted: lumma
- https://bitchsafettyudjwu.shop/api
Targets

Target: Loadkeqwkedkqwekqwek.exe
- Size: 667.6MB
- MD5: d542e6bad83187cab7b0f203757b76b6
- SHA1: cf8f3bd38f78ecc91ad0bd3532217e142cafdc28
- SHA256: c3d38d839be7867e6c23eb33bf71c60416cfa2765d26d98575a362afde4909d6
- SHA512: 95fb993de1a8eed90135c6888a2d67b478d7feb105657175ac536668e695cdfcdaa6910ba08dcf6943ecf36d42d6c49fbbb7dd103dc99bb560468eb21bb13486
- SSDEEP: 196608:pFlczmSuAZRTqbH5TR6qVh4Sw17UjoAV4kWmPrzGH6i4OGYQ5:pFeqpZwqVh4SwJ6hV4k3GHh47Yc

Signatures:
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Power Settings. powercfg controls all configurable power settings on a Windows system and can be abused to keep an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext

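The extracted Lumma C2 above and the signature list for this target describe behaviours that can be hunted for directly in process-creation and proxy telemetry. The script below is an added example, not code from the sandbox report or from the sample: it encodes the signature descriptions (Defender exclusions added from PowerShell, service creation, a Run key, powercfg changes) as command-line rules and matches URLs against the C2 host from the Malware Config section. The event records are constructed for the example and their field names (ts, host, cmdline) are an assumed schema, not a real log format.

```python
"""Hunt for the behaviours the report attributes to Loadkeqwkedkqwekqwek.exe.

Added example; not code from the sandbox report or from the sample.  The
records below are constructed and their field names are an assumed schema.
"""
import re
from urllib.parse import urlsplit

# C2 host taken from the "Malware Config" section of the report.
LUMMA_C2_HOSTS = {"bitchsafettyudjwu.shop"}

# (label, case-insensitive regex applied to the full command line).  Each
# rule mirrors one of the report's signatures.
RULES = [
    ("Defender exclusion added via PowerShell",
     re.compile(r"\b(add|set)-mppreference\b.*-exclusion(path|extension|process)\b", re.I)),
    ("Service created",
     re.compile(r"\bsc(\.exe)?\s+create\b|\bnew-service\b", re.I)),
    ("Run key persistence",
     re.compile(r"\breg(\.exe)?\s+add\b.*\\currentversion\\run(once)?\b", re.I)),
    ("powercfg changed to keep the host awake",
     re.compile(r"\bpowercfg(\.exe)?\s+[/-](x|change|h|hibernate|setacvalueindex)\b", re.I)),
]


def classify_cmdline(cmdline):
    """Labels of every rule the command line triggers (empty list if none)."""
    return [label for label, rx in RULES if rx.search(cmdline)]


def hunt_process_events(events):
    """Return (ts, host, label, cmdline) for each rule hit, in record order."""
    hits = []
    for ev in events:
        for label in classify_cmdline(ev["cmdline"]):
            hits.append((ev["ts"], ev["host"], label, ev["cmdline"]))
    return hits


def is_lumma_c2(url):
    """True when the URL's host is the extracted C2 or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == c2 or host.endswith("." + c2) for c2 in LUMMA_C2_HOSTS)


def hunt_urls(urls):
    """Subset of urls that point at the extracted C2 host."""
    return [u for u in urls if is_lumma_c2(u)]


# Constructed sample records: five mimic the signatures, the last is benign.
SAMPLE_EVENTS = [
    {"ts": "2024-07-07T01:12:03Z", "host": "ws01", "cmdline":
     'powershell.exe -Command "Add-MpPreference -ExclusionPath C:\\ProgramData\\svc '
     '-ExclusionExtension .exe -ExclusionProcess svc.exe"'},
    {"ts": "2024-07-07T01:12:05Z", "host": "ws01", "cmdline":
     "sc create WinSvcUpdate binPath= C:\\Windows\\System32\\svc.exe start= auto"},
    {"ts": "2024-07-07T01:12:06Z", "host": "ws01", "cmdline":
     "reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v Loader /t REG_SZ /d C:\\Users\\u\\1.exe"},
    {"ts": "2024-07-07T01:12:07Z", "host": "ws01", "cmdline":
     "powercfg /x -standby-timeout-ac 0"},
    {"ts": "2024-07-07T01:12:08Z", "host": "ws01", "cmdline":
     "powercfg /hibernate off"},
    {"ts": "2024-07-07T01:13:00Z", "host": "ws02", "cmdline":
     "notepad.exe C:\\Users\\u\\notes.txt"},
]

# Constructed URLs: the C2 itself, a subdomain of it, and an unrelated host.
SAMPLE_URLS = [
    "https://bitchsafettyudjwu.shop/api",
    "https://cdn.bitchsafettyudjwu.shop/api",
    "https://example.com/api",
]

if __name__ == "__main__":
    for ts, host, label, cmd in hunt_process_events(SAMPLE_EVENTS):
        print(f"{ts} {host} [{label}] {cmd}")
    for u in hunt_urls(SAMPLE_URLS):
        print("C2 contact:", u)
```

The rules are intentionally narrow: they match the exact mechanisms named in the signatures rather than any use of PowerShell, sc or powercfg, so they are suitable as a first-pass filter over command-line telemetry; the URL check matches only the host from the extracted config and does not try to generalise to other Lumma infrastructure.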
Target: ⌚/1.exe
- Size: 667.6MB
- MD5: de2b2e5b8c45d0a6204c6f6f4e4e4d5c
- SHA1: 91bc7b633d0b71caff9514ed386c25777188daae
- SHA256: e17bc2d567eb328e6f6082b58e6f3930028caf94a2207bac7029ef5a9ef8923d
- SHA512: e425e47b9ceb13a94a4b42e6738e248e81ac11bd93358ec5ae7e9a9ed781264ac6c969a9f122fb737009bea5f98772917f0900c2668362aa09c210b8a7627140
- SSDEEP: 98304:681SNk3eYq9Wc7ucX41k9HJGhRibqTtJuX:nVXK4K9cht+
- Score: 1/10

Target: Source/QtGraphicalEffects/Qt5WebEngineCore.dll
- Size: 108.6MB
- MD5: c3b619ac876e44f74692612c8757585a
- SHA1: 3256dfc390cafa0a276679bfad5ad9fdee103210
- SHA256: 7db1cc70873e9fc05bc644c02f074824669a2b8c1c7c596fa3974b76fbf1d1dc
- SHA512: ace72a633e7297a749424491e35b15679979c6a252a20e64570211b1708cfe0ffd4bd1c72766f15a97d5c4209d19c8fc25505972786269e34c8c3b04239260b2
- SSDEEP: 786432:177IumwRiPP+QfeimPmmewR8rXJX7xj9Jbec6WYyZDPz03X7IP:9Iumwe+QfeimPmuRcXJBE690U
- Score: 1/10

Target: Source/QtGraphicalEffects/RadialBlur.qml
- Size: 11KB
- MD5: 33fe812bfb242ae0a883932a9b35a98d
- SHA1: cf297544e75ea94635efbb8f311c847aeba2875d
- SHA256: e086b7c17fd77f5b4f061ef6b49f1f1482a3429705a3174db77bdd7d1e25a6ea
- SHA512: 42daeed3aac5d14370e4c9ce72e9a1d19419843d7c9667655e559cca80ec8d77ce7f804641727e15d46225bc3169d6e3959c9558fbc7bddddf4c108359d85db1
- SSDEEP: 192:7ILp3RRDQGloQhIfXoXFISCa6z/eJV5NRnYXeQ5nQJVxNjs3JNzMbth6xxJBtw36:7KkGGFQ6QV5XQUVxGfAth6xfBtw3dm/D
- Score: 3/10

Target: Source/QtQuick/Controls/Styles/Base/StatusIndicatorStyle.qml
- Size: 8KB
- MD5: 702bbbb5b40df54894cc61fcba911ceb
- SHA1: 7a63660ef3396c577835d4e2c739d7eb8c2b62fc
- SHA256: 9846d99bf3aaac6ae982d7b7ccd4479d5846457329ea0ef4b6046af901c8b085
- SHA512: 4b6ead06c75111d829707cbefa8abec8af5489d8ff6ea4109f7d5388b052ad96b34b11eb976026653e86079aa8086e79e23e958b44f72cf0120b1e30f9a30b39
- SSDEEP: 192:xZp3RRDQG8sqS/3gA5ff/PLaE+zEQaVLVsYfCeRMjt8YRS8/yfL:5kGvJX2hBYWYRKTRS8M
- Score: 3/10

Target: Source/QtQuick/Controls/Styles/Base/ToggleButtonStyle.qml
- Size: 9KB
- MD5: f01b9b7d11d020eb671a6b4754cc520a
- SHA1: 7467abd30d7cbef91403e7e35217e47a16f109bf
- SHA256: 5de663cf32b29ddb07dc4d22e21e2e26d72633f216514e2fe9ab25f6a4362b04
- SHA512: e456bee81eea19879c26896de39abac72d703834457de44835802df8df3ac9f6eb705571c9206bfe7afe1a1a0149b5066b0774f01285251a5c604a6e659c69dd
- SSDEEP: 192:xZp3RRDQG91qSGXagdgw1yNKgcGVKg4HfKyWz5THRvaya01HmHQHWaMD9S9Dr1hW:5kGlGJIL4JMCsgV
- Score: 3/10

Target: Source/QtQuick/Controls/Styles/Base/TumblerStyle.qml
- Size: 12KB
- MD5: 2a7125bccc4db39e74c1b1bcc535f6b5
- SHA1: 937b6deeb902fe3b15be072db75faf0b886f61b0
- SHA256: 11961547f865637ffe30f7f5f0a6df30ab28ae92437083c7df4b4b81ae0b017d
- SHA512: 8ab1dac3f3469fa34c7d5b73815974518760dd9472a1b75b09270f1a1be54c604774decf1b3d937236c170dd5efe13705747fa8009c8c185503646f20cdc2dc7
- SSDEEP: 192:xZp3RRDQG8oqSDyrgUf7dLMegZ86P0R8L84yKLKZKVpB6iKmZkNb4d3PnqAZ5nKs:5kGTDKnABLiNUfqAZ5wDHs8/4jZ
- Score: 3/10

Target: Source/QtQuick/Controls/Styles/Desktop/GroupBoxStyle.qml
- Size: 3KB
- MD5: 15c012094c3ac552500def496b4af3be
- SHA1: 5a6db39e1933df3d176a0c0c4315dc10742706d6
- SHA256: dbd7577badd47a8ba8514cf2c828a1f94760c01036502d404222b7b130b0785b
- SHA512: a5dab128fcbb1063a6e04de6db69e8c68ca4982a4e3728cafbe422e179725bbe11ff79728213698bca80531d9d6ecac5c0856aad5cba5ebc91c8e635f5cfa831
- Score: 3/10

Target: Source/QtQuick/Controls/Styles/Desktop/MenuStyle.qml
- Size: 4KB
- MD5: 43a7f4baa434d103d0900827cfa4a34c
- SHA1: f7b6249474188c20852915fd8a0f5a6b169b4fce
- SHA256: bcbf8e2f09ee6942b3eb5c9b62bfbd9372ad4fa268296f69affed28b82c7a0be
- SHA512: 7e5edd9cf2f6e2a1888f10a9b86e05534995efa723a6d136403e97f4391fe94b84809745ca4485b0345767dd5d8ea887ba6f5a1d36ce4ac056669c4a7bc20e2a
- SSDEEP: 96:xoLp3RReSQGPlS2P7/X2odbTlFoZVkam6Ij3hl:xSp3RRDQGg2PTmSbTlckB3hl
- Score: 3/10

Target: Source/QtQuick/Controls/Styles/Desktop/SpinBoxStyle.qml
- Size: 5KB
- MD5: 890194f5a34c7be87fc63a9c2cbac3a2
- SHA1: cad6742d1b91180eea7b3469399aedb16bc6184d
- SHA256: 0fc3de9199de8fc4b3ede9171e7f03c880756016124c9de5b31f8a6272ebf3b4
- SHA512: df795a29401b61ac86968dbb604614216c4979c586d04812c5060d000720feb5fc94793c50c62ce9530a48fcdc1d84bd5db01b9b298ce59fced351193c9299d8
- SSDEEP: 96:xoLp3RReSQGPlUKztGsyrRyVn0xnSkX/3s0JKn8AL:xSp3RRDQGWzsyNXMJL
- Score: 3/10

Target: Source/QtQuick/Controls/Styles/Desktop/TreeViewStyle.qml
- Size: 2KB
- MD5: e0aa379b2a0c01ba02d9dd128c74bfbb
- SHA1: 4e2005633527069eede98c33628428c358ce0c64
- SHA256: 1c645cda72e81f295d03fed5142c502651c9d5f0418788f5f3c53a5720c2351e
- SHA512: 28bf0f38bd956458655590f2abddc0a14ab80cd395f18b710c0c9e973ee1c033615302c94d0bb4906d711e82880db0239c3c81ea36845d8d882e1d38a1ee3502
- Score: 3/10

Target: Source/QtQuick/Controls/Styles/Flat/qtquickextrasflatplugin.dll
- Size: 814KB
- MD5: 8c16bb33c4dfde610edbc2228ecf5a21
- SHA1: 8c6561f46555228c4c75d412fefd5f998c0b1e02
- SHA256: fb74f4049964c4242fa85ac9ae01771ee6f1698dc8e5638cce823c4561ccf5a9
- SHA512: c7f37b88870c0db5c33de2c28bba0b26fe5c56aa73b07a9e502214d2d818d7ca27b605ba3f5282a7cf3f8632cbb3fe1165ad692d8841772faff02c0bcbeb67ce
- SSDEEP: 24576:4nygIwhCNoh+Ja9f9VhCNoh+5i9FrIJJpCNoh+75:mG2Ua//UioG5
- Score: 1/10

Target: Source/QtQuick/Controls/TabView.qml
- Size: 10KB
- MD5: 518d7ce1bf34f9a48a0ad7055a5ad401
- SHA1: d0d00961dc8a297a0be9d7f214e4c8890256bd5e
- SHA256: 345f25e31fb7e4106a5880b0a33d7d704ddd49c7656bf8ac8063ed61ffd16bb7
- SHA512: 0d44d17c163bd89ecc5ce7750b0bfbab56a376a448dee9ec4ba8f94fec5f305e35295eb770dcce01f7b705c94384f074819b8273b96c16a86ecd9f5df5c1a777
- SSDEEP: 192:xSp3RRDQG9Nkyty1yi1CQDmucP0fg979YfpwfxKt8kQx5by1XDDW8AgPOTa/GjS2:0kGPkyGGopBDfUCNLZo
- Score: 3/10

Target: Source/QtQuick/Controls/TableView.qml
- Size: 10KB
- MD5: 3a4996245c71e516d68566ed30de2239
- SHA1: 109c155175680109017c72aa8a4a7db69882e8e0
- SHA256: 6da3a4c8079bfaa848cc98d46c1e7a6dcff2be7ec355273220a1386d9215b9eb
- SHA512: 9fc11c9124adf97d15fecd11d8e61619c4b460bee9b674adcd519f5f0900167e596385e2fd95152113b7692aecf463a511748902686bac72930a2e6ff27ff304
- SSDEEP: 192:xSp3RRDQG2tfhaSIThbzAkoFjnM6ojACjc+jqiSCdjJjPjjy000YNxwCWj086jgG:0kG6ESI9bz+mltJxONmmVn
- Score: 3/10

Target: Source/QtQuick/Controls/TableViewColumn.qml
- Size: 6KB
- MD5: e322f20e048d88ce920d95ee1442eb5c
- SHA1: ba63dcbd765db8beda56f8d11f3e283b84b07855
- SHA256: e6bc2ce248b268fe53d74e52b830929fb84c684d0e1c7a3e5c7347e1274536f4
- SHA512: b383cc08485eae6f6f3653c7eec285c8af4c2e0b918790b6f1199201a0d94b714f9fa1ad4cb1db2c829d1a5167fa8b09803272daee2f12e9263ef8e24ec55dcc
- SSDEEP: 192:xSp3RRDQGY+gt7cbCZFRrsXMF1SmKANa1Q9iSCyu:0kGBIZPIUriP
- Score: 3/10

Target: Source/QtQuick/Controls/TextArea.qml
- Size: 34KB
- MD5: 49c43180e84c2c511be7ca6bf8165147
- SHA1: 6457d4d20e1147c35d17ac7e9778a8291be458c4
- SHA256: accaefce99616f0485da074a78a20e6af80f5829adccf2f9f9103cad5c91b090
- SHA512: d39571bb3f82c6fb332a06f0912ed8e3d9fe2d0193e4e075907d635b73fb96f94b8da7adde0c27734f1e20bb4d50b13ad8d3658cd6161f5306aaac69ebe974e5
- SSDEEP: 384:0kGuvtEdiGiunMPgVFHS1EngI+2d5GSy5Nt6Vyot+6M:pGulkvHS1462d54Nt6Vyot+6M
- Score: 3/10

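The SSDEEP values in the General and Targets sections allow a quick sanity check that the report itself does not spell out. The script below is an added example, not code from the sandbox: it recomputes, from each reported size, the block size ssdeep starts from (the smallest 3 * 2^k with block_size * 64 >= file size) and counts how many times ssdeep must have halved it to reach the reported leading number; ssdeep halves the block size and recomputes whenever the first part of the signature comes out shorter than 32 characters. Six and seven halvings for the two 667.6MB executables, against none for the archive and the plugin DLL, mean those binaries produced almost no trigger points at the larger block sizes, which is what long runs of repetitive content (for instance padding used to inflate a file past scanner size limits) yields. That reading is an inference from the numbers, not a finding stated in the report. Sizes are treated as MiB/KiB, which is an assumption; the decimal reading gives the same starting block sizes for these files, and because the reported sizes are rounded a file sitting right at a boundary could be off by one step.

```python
"""Check reported ssdeep block sizes against the reported file sizes.

Added example; not part of the sandbox report.  Implements the block-size
selection of ssdeep/spamsum: start at the smallest 3 * 2**k with
block_size * 64 >= size, then halve while the first signature part is
shorter than 32 characters.  Sizes and block sizes are taken from the
report; MB/KB are read as MiB/KiB (an assumption).
"""

SPAMSUM_LENGTH = 64
MIN_BLOCKSIZE = 3


def initial_blocksize(size_bytes):
    """Block size ssdeep starts from for a file of this size."""
    bs = MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < size_bytes:
        bs *= 2
    return bs


def halvings(size_bytes, reported_bs):
    """Number of times ssdeep halved the starting block size to reach
    reported_bs.  None if reported_bs is not reachable from the start
    (not of the form start / 2**n), which would indicate a bad size."""
    start = initial_blocksize(size_bytes)
    if reported_bs > start or reported_bs < MIN_BLOCKSIZE:
        return None
    n, bs = 0, start
    while bs > reported_bs:
        bs //= 2
        n += 1
    return n if bs == reported_bs else None


def parse_size(text):
    """'667.6MB' or '814KB' -> bytes, binary units assumed."""
    for unit, mult in (("MB", 1024 ** 2), ("KB", 1024)):
        if text.endswith(unit):
            return int(float(text[:-len(unit)]) * mult)
    raise ValueError(text)


def reported_blocksize(ssdeep_hash):
    """Leading field of an ssdeep hash ('bs:part1:part2') as an int."""
    return int(ssdeep_hash.split(":", 1)[0])


# (name, size as printed in the report, block size from the report's SSDEEP)
SAMPLES = [
    ("UnivMenu_1.16.rar", "115.1MB", 3145728),
    ("Loadkeqwkedkqwekqwek.exe", "667.6MB", 196608),
    ("⌚/1.exe", "667.6MB", 98304),
    ("Qt5WebEngineCore.dll", "108.6MB", 786432),
    ("qtquickextrasflatplugin.dll", "814KB", 24576),
    ("TextArea.qml", "34KB", 384),
]


def analyse(samples=SAMPLES):
    """(name, size_bytes, starting block size, reported block size, halvings)."""
    rows = []
    for name, size_text, rep in samples:
        size = parse_size(size_text)
        rows.append((name, size, initial_blocksize(size), rep, halvings(size, rep)))
    return rows


if __name__ == "__main__":
    for name, size, start, rep, n in analyse():
        print(f"{name:30} size={size:>11} start_bs={start:>9} "
              f"reported_bs={rep:>8} halvings={n}")
```

Six halvings means the 667.6MB loader behaves, for fuzzy-hashing purposes, like a file roughly 64 times smaller than it is; a file that is genuinely 667MB of code and data would not do that.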
MITRE ATT&CK Enterprise v15 (numbers in parentheses are the hit counts shown in the report)

Execution
- Command and Scripting Interpreter (2)
  - JavaScript (1)
  - PowerShell (1)
- System Services (2)
  - Service Execution (2)

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Power Settings (1)