General
Target: 2c52f6d1206bc754c5e3ad485b7406d7d611d7d490a2252a969f2cd874ea9569
Size: 3.2MB
Sample: 240829-phyp6s1dkg
MD5: f8afafba3e86d50ad9edce1d0ea179ab
SHA1: da2a418d7d4f39222d16cfad8cb381ca53f7339c
SHA256: 2c52f6d1206bc754c5e3ad485b7406d7d611d7d490a2252a969f2cd874ea9569
SHA512: a23d51e4621b9a18d9f99d797bccf64ded9fddc0c63ccda8df5d1d13c5e35633c14bcb66a3dd1205d07c5c3637a9d58e17794e1e85b9d78e578ec723a708abc4
SSDEEP: 49152:Aa5dRh/rrdcQX7kAmen7jJRkNkdKiJZeKtH0LzHPzkRyq/cHG53IpOMb6tdz6c:Aa5rJ/+ewIH/5dKaZeQH0Lc8GKAdz6c
Static task: static1
Behavioral task: behavioral1
Sample: 2c52f6d1206bc754c5e3ad485b7406d7d611d7d490a2252a969f2cd874ea9569.exe
Resource: win10v2004-20240802-en
Behavioral task: behavioral2
Sample: 2c52f6d1206bc754c5e3ad485b7406d7d611d7d490a2252a969f2cd874ea9569.exe
Resource: win11-20240802-en
Malware Config
Extracted
lumma
https://awwardwiqi.shop/api
https://locatedblsoqp.shop/api
https://traineiwnqo.shop/api
Targets
Target: 2c52f6d1206bc754c5e3ad485b7406d7d611d7d490a2252a969f2cd874ea9569
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext