General
-
Target
a204091d91d983a178eed21ccbef7f58e75667c99950ae597a3854754d2e4969
-
Size
1022KB
-
Sample
240711-14pvyayeld
-
MD5
4feaa73d5ae0b0ad580f6bbe51dfb43c
-
SHA1
96dacd29fe2fad08335d7c02cde13707f9791c77
-
SHA256
a204091d91d983a178eed21ccbef7f58e75667c99950ae597a3854754d2e4969
-
SHA512
f70f6c844c37332a1bf10f68fd2e8b0ef10fe771fb464b129311ba3652ed09f9a1e2221b0fb29e7f211b9d590b24fb3153e685f42d73dc9552d3ab8a11612d74
-
SSDEEP
24576:5ZS6ZStyxd2v1fkSL/oW2i70NfCVoqjqWB4NrK2Qdb3m:nZStyxdaJzrJ7kCyqGA4RVQ4
Static task
static1
Behavioral task
behavioral1
Sample
a204091d91d983a178eed21ccbef7f58e75667c99950ae597a3854754d2e4969.exe
Resource
win7-20240708-en
Malware Config
Extracted
lumma
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-