General
-
Target
dda39f19837168845de33959de34bcfb7ee7f3a29ae55c9fa7f4cb12cb27f453.exe
-
Size
12KB
-
Sample
240714-lx1xaswapr
-
MD5
a14e63d27e1ac1df185fa062103aa9aa
-
SHA1
2b64c35e4eff4a43ab6928979b6093b95f9fd714
-
SHA256
dda39f19837168845de33959de34bcfb7ee7f3a29ae55c9fa7f4cb12cb27f453
-
SHA512
10418efcce2970dcdbef1950464c4001753fccb436f4e8ba5f08f0d4d5c9b4a22a48f2803e59421b720393d84cfabd338497c0bc77cdd4548990930b9c350082
-
SSDEEP
192:brl2reIazGejA7HhdSbw/z1ULU87glpK/b26J4S1Xu85:b52r+xjALhMWULU870gJJ
Static task
static1
Behavioral task
behavioral1
Sample
dda39f19837168845de33959de34bcfb7ee7f3a29ae55c9fa7f4cb12cb27f453.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
dda39f19837168845de33959de34bcfb7ee7f3a29ae55c9fa7f4cb12cb27f453.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
stealc
jony
http://85.28.47.4
-
url_path
/920475a59bac849d.php
Extracted
lumma
https://replacedoxcjzp.shop/api
Targets
-
-
Target
dda39f19837168845de33959de34bcfb7ee7f3a29ae55c9fa7f4cb12cb27f453.exe
-
Size
12KB
-
MD5
a14e63d27e1ac1df185fa062103aa9aa
-
SHA1
2b64c35e4eff4a43ab6928979b6093b95f9fd714
-
SHA256
dda39f19837168845de33959de34bcfb7ee7f3a29ae55c9fa7f4cb12cb27f453
-
SHA512
10418efcce2970dcdbef1950464c4001753fccb436f4e8ba5f08f0d4d5c9b4a22a48f2803e59421b720393d84cfabd338497c0bc77cdd4548990930b9c350082
-
SSDEEP
192:brl2reIazGejA7HhdSbw/z1ULU87glpK/b26J4S1Xu85:b52r+xjALhMWULU870gJJ
-
Detect Vidar Stealer
-
Modifies security service
-
Phorphiex payload
-
Downloads MZ/PE file
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Access Token Manipulation
1Create Process with Token
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1