General
Target: broadcom5.exe
Size: 13.2MB
Sample: 240909-jbmrfazcre
MD5: de5df8536b7d4d9c45fc2e9c6639f24e
SHA1: 5394559d6e470025d886678f4d625a3d01f55d64
SHA256: 7382e6823dc5b6f0ae9b4a67f30a6fe8dc400dfa95278ec647d06e6550ada24e
SHA512: b14c108ac482d54ee000b729170a765f4506ebeb1e7ebbfd7c4367e93cb1b46da642096d8191f1cea13e16b05c124fd7bdaea9323cb53c9a7b5d92629ed7ccad
SSDEEP: 393216:7DfYtlZKIfz5Nk7uSff1yosdxz60CptWbN/33YFEr:7D2lnkaSnCd00Cps/fr
Static task: static1
Behavioral task: behavioral1
Sample: broadcom5.exe
Resource: win7-20240903-en
Malware Config
Extracted: cryptbot
analforeverlovyu.top
thirtv13sb.top
url_path: /v1/upload.php
Extracted: lumma
Targets
Target: broadcom5.exe
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext