General
- Target: ExtraSoft.exe
- Size: 522KB
- Sample: 240707-qx1czswbjf
- MD5: 355a0005ffcee353087d4ab8e60875b4
- SHA1: 7f177a91a50823e51ad6fb24fd2485cd5ac9a86c
- SHA256: 572fafc98da907c4ebc64b7b3c1fc87660a2660fc8d127b6fc478a92e4675f2c
- SHA512: c360302802e4d10c5231645b082ae878233808c9e659a0703a47c86b9b857513f50e0a6dd0c9bf36cd4f70261af25872f69f2f630dede57b589eacfa8ff9b53a
- SSDEEP: 12288:ot5fi7tZZ5VGUYpyDZ/pswptldIMOyyh:otpsttE6DZxYd
Static task: static1

Malware Config
- Extracted: lumma
- https://extorteauhhwigw.shop/api
Targets
- Target: ExtraSoft.exe
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext