General
Target: ratecon.exe
Size: 174KB
Sample: 240710-wp3q2asbjr
MD5: e88090688568737d446e4deeb010ca30
SHA1: 5f96db7467fb79c71cbcc3366ad5715d9c8d4b3c
SHA256: adfec68a396185a6741875b8c5a7bc01a59f6638667c0c1efaacb4d6382026f1
SHA512: 3dab64e33a2516cdf691d0be630503e2eca43c73b7de1658179403c9a3263c2e45c9795f9e09af5c5300d415995ac5e7ec111ca0018558ad5861290010036ffd
SSDEEP: 3072:XahKyd2n31W5GWp1icKAArDZz4N9GhbkrNEk6aL3x:XahO2p0yN90QEE
Static task: static1
Behavioral task: behavioral1
Sample: ratecon.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
lumma
Targets
Target: ratecon.exe
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext