General
  Target: ade756d0226cb83732da91e85456c095fdc355b75879cd68cc92d6da2efe71a3
  Size: 3.1MB
  Sample: 240707-kdfataxglm
  MD5: 044829832c0d67a5f0e1f79316f1f039
  SHA1: 3694184da2e567fc594ececc5308785265eb446a
  SHA256: ade756d0226cb83732da91e85456c095fdc355b75879cd68cc92d6da2efe71a3
  SHA512: 2805d2edb568146a3fd385041da7da3db5844b473fb1ede1c0538c1ae668ddd0e03e25d43053b17c5f518a90bb81fd39363a67be6500640c9eff671c50cb0fc9
  SSDEEP: 98304:OUvyeWwNyFUoWArXafuo8eX7x+6celDlMhPS:OcXHNyFUobrXzzeL06cUk6

Static task: static1
Behavioral task: behavioral1 (Sample: Set-up.exe, Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: Set-up.exe, Resource: win10v2004-20240704-en)
Behavioral task: behavioral3 (Sample: d3dx9_43.dll, Resource: win7-20240705-en)
Behavioral task: behavioral4 (Sample: d3dx9_43.dll, Resource: win10v2004-20240704-en)

Malware Config
  Extracted: lumma
  https://bittercoldzzdwu.shop/api

Targets

  Target: Set-up.exe
    Size: 2.7MB
    MD5: 870feaab725b148208dd12ffabe33f9d
    SHA1: 9f3651ad5725848c880c24f8e749205a7e1e78c1
    SHA256: bbf7154f14d736f0c8491fb9fb44d2f179cdb02d34ab54c04466fa0702ea7d55
    SHA512: 5bea301f85e6a55fd5730793b960442bc4dab92d0bf47e4e55c5490448a4a22ed6d0feb1dbe9d56d6b6ff8d06f163381807f83f467621f527bc6521857fc8e1a
    SSDEEP: 49152:C11fbWXfBeBqTww8Gkfoa0yeL8zj9JLF+lP/MatsfHVnZbhG3EVsMI62Pseaj/1n:QbWkuwwjkULhlPUatsfBxhsE

    Loads dropped DLL
    Accesses cryptocurrency files/wallets, possible credential harvesting
    Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
    Suspicious use of SetThreadContext

  Target: d3dx9_43.dll
    Size: 1.9MB
    MD5: 28f6e873515ff7cbb65cfa326b343a71
    SHA1: 1105597391a13af6567502866101de09ca4ecfdd
    SHA256: 6aaa17f41f3c344c6f2c061ff9f11d769ce85bd4ace071dd076fcff31e78f8d9
    SHA512: df1f2d2a569d26be832df78bf96992c53d2b6e51de230c0a203964d54ae25c90c52810feebe7247467129cc6214013b84251118cb330c157d0d9c131c7f2c2e7
    SSDEEP: 24576:WyU6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBFX:WP66l2u45BiNYFrz31Cv3D29kd6kPo

Score: 1/10