General
Target: setup.msi
Size: 34.8MB
Sample: 240710-mea4lathre
MD5: 6e619d3d24f58bfb7bd7e76a4756e258
SHA1: 890359e1e86525c4c14e975e762239878134b32d
SHA256: 5b3a41ed8a9a619b4aa18cef611c94b3273671ad464847cbfa600a6571c64431
SHA512: 1a1f432c3c8ed5c627b2724b1fc5600ba31859838445b67d137c29439345e48bebe16074c3d9f909958af31670764422b379d7ced52c13feca7468e25a10162e
SSDEEP: 786432:0qpRkI57hVSZmlNdonqUuhGMCiEIS/vTis1M:0qXT57jSZmGnqUezSTt
Static task: static1
Behavioral task: behavioral1 (Sample: setup.msi, Resource: win7-20240704-en)
Behavioral task: behavioral2 (Sample: setup.msi, Resource: win10v2004-20240709-en)
Behavioral task: behavioral3 (Sample: setup.msi, Resource: win11-20240709-en)
Malware Config
Extracted
https://two-root.com/02074.bs64
Extracted
lumma
Targets
-
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-