General
Target: UnivMenu_1.16.rar
Size: 9.2MB
Sample: 240710-sztz4avhrq
MD5: 4014aa6bc9b7eebbff04120d7fb5bb81
SHA1: 72d5995363532cc1ed941ea171f7c253f3b4d0c1
SHA256: bd2983e3549c1a8a9a065579a17f371c7833ed660575be87ef55a274c2c9f2be
SHA512: f31c456dfab8413c8db19108724f844ae02d3be3a048fe9b744a8a2b012ed56787e44c5f251d340ea1534da3ca9f9c8b34514eab89950afcc11567ad812a870c
SSDEEP: 196608:v4iPkx7RA/kGxLyCYGKGfi+dEgn1U1mWbAB7sERdCoohDpMJSn3JKL3:viVRA7LyvGKEiWEmaxA5sERdjo2S3MD
Static task: static1
Behavioral task: behavioral1
Sample: Loader.exe
Resource: win7-20240708-en
Malware Config
Extracted configuration (family: lumma):
https://extorteauhhwigw.shop/api
https://bouncedgowp.shop/api
https://bannngwko.shop/api
https://bargainnykwo.shop/api
https://affecthorsedpo.shop/api
https://radiationnopp.shop/api
https://answerrsdo.shop/api
https://publicitttyps.shop/api
https://benchillppwo.shop/api
https://reinforcedirectorywd.shop/api
Targets
Target: Loader.com
Size: 1023.9MB
MD5: b60f959d4def50604d09ca6453f109bd
SHA1: 0dbd10233629917c5df6d5ca3fe905a7ad190fbc
SHA256: b5dc54c75d4472de9f71272a54e69ce339fb916cac1ed608d2aa3abf6e2cf1e2
SHA512: 859d8fb09ae57c45b656030984ec53e1ee344f7c06792e50093e1d51479dc458b50e7a1f0606211c67a184124bc7c470f650caeb6b2088c3d28155e078f5e6df
SSDEEP: 196608:TWFUva025nAxz4hixEofY1INseWRq9Jqf2tlN9xNpN:TWF6UnGMhscRRMjzNHNpN
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- System Services (2)
  - Service Execution (2)
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Power Settings (1)