General
Target: 7e39b18800ab3925c3c6fcf9f1815b6c6c8516c39979c89063b205b8f0e08fb7
Size: 16.5MB
Sample: 240801-jj8zmstepc
MD5: d14b4ab0fa516a8132fbaa3f7f420d33
SHA1: c31652da8a898ef088dd33e5378b42ba5169e8ef
SHA256: 7e39b18800ab3925c3c6fcf9f1815b6c6c8516c39979c89063b205b8f0e08fb7
SHA512: 60106619f7581a81db4726d6c0c691fb583297c26bafe45cf5c321fa2a6b1a308e0e335e3801ebaca7f6c663d34d38d3dd07f6a0db62cf98145ac66f9ff72972
SSDEEP: 393216:x25IRZ7bDcgFBWa8UobbEFHECc5/x3YfTEvYydiv53:xia+JnCyxIfkY/53
Static task: static1
Behavioral task: behavioral1
Sample: cb25ccf6059c2f8a041f22e6fb110b7fbbc6cbdb4a5c35f0555cd735b5686a42.exe
Resource: win7-20240708-en

Malware Config
Extracted (lumma):
https://applyzxcksdia.shop/api
https://replacedoxcjzp.shop/api
https://declaredczxi.shop/api
https://catchddkxozvp.shop/api
https://arriveoxpzxo.shop/api
https://contemplateodszsv.shop/api
https://bindceasdiwozx.shop/api
https://conformfucdioz.shop/api
Extracted (lumma):
https://applyzxcksdia.shop/api
Targets
Target: cb25ccf6059c2f8a041f22e6fb110b7fbbc6cbdb4a5c35f0555cd735b5686a42.exe
Size: 16.6MB
MD5: 532d05ffeadbd71ebd3427d829a6759f
SHA1: f29fce536f35aeda262f07624469cc7932e0a5d2
SHA256: cb25ccf6059c2f8a041f22e6fb110b7fbbc6cbdb4a5c35f0555cd735b5686a42
SHA512: b7aad59e3c0eaae7a09bb5d7866fad8f1951ce86975eb736863654bcc5ec6afcb441761c54c55396f99cfe7d6fcf21818d2bf5449092ae3d4853e5d02f28fbb8
SSDEEP: 393216:Upw0Jt5ov09pHGru+gIo2Ci/3Bh1kYnXQS2BKKQqS6gjeXECSZEP6T:IwcUv00utILxhBXiBWqseXEbT

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext