General
-
Target
back.exe
-
Size
508KB
-
Sample
240707-b8n2rssfna
-
MD5
828db3f05fb04961a7787b56d7040332
-
SHA1
6824f8bc1f1874a65dc383d6d8c3b357ee74b232
-
SHA256
4bbf25acfe56a5108ad9c90d3586f28a4bf58b2a032f8a6b30fbeb96b7c35ec0
-
SHA512
51c60576d6ff8d768eb2150a0efd0072203f60ac73a1f8844f78341316093d54131175f87a7ae8333bfbafae6cd14e37968b4ce91c92c18b5f9c2b87ab4876f6
-
SSDEEP
6144:wPiIYs5NgW3IPHKSv0oMCkpmcYr29wnxAxCrVa6ot6ifWoU7iaJAP2d+PwpWDMEK:uKs5NgWCvNNCEixChEdRUO8pQq8JtXy
Static task
static1
Behavioral task
behavioral1
Sample
back.exe
Resource
win7-20240221-en
Malware Config
Extracted
lumma
https://arritswpoewroso.shop/api
Targets
-
-
Target
back.exe
-
Size
508KB
-
MD5
828db3f05fb04961a7787b56d7040332
-
SHA1
6824f8bc1f1874a65dc383d6d8c3b357ee74b232
-
SHA256
4bbf25acfe56a5108ad9c90d3586f28a4bf58b2a032f8a6b30fbeb96b7c35ec0
-
SHA512
51c60576d6ff8d768eb2150a0efd0072203f60ac73a1f8844f78341316093d54131175f87a7ae8333bfbafae6cd14e37968b4ce91c92c18b5f9c2b87ab4876f6
-
SSDEEP
6144:wPiIYs5NgW3IPHKSv0oMCkpmcYr29wnxAxCrVa6ot6ifWoU7iaJAP2d+PwpWDMEK:uKs5NgWCvNNCEixChEdRUO8pQq8JtXy
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-