General
Target: 974e28edf145235ced706aaf27e1499ce9e6c7f7c4f49629049f8d32fcc894e4
Size: 1.2MB
Sample: 240801-b6p62szcnb
MD5: 9ffec2ba5a692387f7977bebcaa9f09a
SHA1: e38b9a1bd1cbf76abefff45219a316bc2c3e991f
SHA256: 974e28edf145235ced706aaf27e1499ce9e6c7f7c4f49629049f8d32fcc894e4
SHA512: bb122636d5d31e449b44974b69ad9e53d768caccf5804f4249a4687a58243819e84428c6b9309353c2508e2d355d55dc5d06e41837b38cc02c0435306fb73581
SSDEEP: 24576:uxLsMs8WdcMx8SWo23V34jBYSSKa6xlA3AXRlumbau1fp52txPvdkXFuXRxT7NPz:ysldGSWo2WVSnqAsRlumeu1hY3HdkXg9
Static task: static1
Behavioral task: behavioral1
Sample: 974e28edf145235ced706aaf27e1499ce9e6c7f7c4f49629049f8d32fcc894e4.exe
Resource: win7-20240705-en
Malware Config
Extracted
lumma
https://technologggisp.shop/api
https://unseaffarignsk.shop/api
https://shepherdlyopzc.shop/api
https://upknittsoappz.shop/api
https://liernessfornicsa.shop/api
https://outpointsozp.shop/api
https://callosallsaospz.shop/api
https://lariatedzugspd.shop/api
https://indexterityszcoxp.shop/api
Extracted
lumma
https://technologggisp.shop/api
https://unseaffarignsk.shop/api
https://shepherdlyopzc.shop/api
https://upknittsoappz.shop/api
https://liernessfornicsa.shop/api
https://outpointsozp.shop/api
https://callosallsaospz.shop/api
https://lariatedzugspd.shop/api
https://indexterityszcoxp.shop/api
Targets
Target: 974e28edf145235ced706aaf27e1499ce9e6c7f7c4f49629049f8d32fcc894e4
Size: 1.2MB
MD5: 9ffec2ba5a692387f7977bebcaa9f09a
SHA1: e38b9a1bd1cbf76abefff45219a316bc2c3e991f
SHA256: 974e28edf145235ced706aaf27e1499ce9e6c7f7c4f49629049f8d32fcc894e4
SHA512: bb122636d5d31e449b44974b69ad9e53d768caccf5804f4249a4687a58243819e84428c6b9309353c2508e2d355d55dc5d06e41837b38cc02c0435306fb73581
SSDEEP: 24576:uxLsMs8WdcMx8SWo23V34jBYSSKa6xlA3AXRlumbau1fp52txPvdkXFuXRxT7NPz:ysldGSWo2WVSnqAsRlumeu1hY3HdkXg9
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
- Suspicious use of SetThreadContext