General
- Target: Instalador.exe
- Size: 30.2MB
- Sample: 240914-hkx34a1hrh
- MD5: d5dccffd360ceaec6d69c055c57a5c6b
- SHA1: b291c5d858050a0a8c1da4c000c54efb5b34dc97
- SHA256: 09d5dee2d65a5b9edbb9a72e74ddc87b3a417ab46c50f516d3407a2099ebd369
- SHA512: 05e9b94867927297dfd3d0426c254affa68f7fe065ea174ef86e02d0dafdc2565667c0888a5b75e405df27a5b8e80e31bf101ddc93986ee5fe5e057ec0defd1e
- SSDEEP: 393216:brHzHCocEm3j9kYnq5CIA8F87VzgEFlQ1C:bLzH3VIj9k0aCIAN
Static task
- static1
Behavioral tasks
- behavioral1: Sample Instalador.exe, Resource win7-20240903-en
- behavioral2: Sample Instalador.exe, Resource win10v2004-20240802-en
Malware Config
Extracted
- Family: lumma
- URL: https://writerospzm.shop/api
Targets
- Instalador.exe (30.2MB; hashes identical to those listed under General above)
Signatures
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Modify Registry (1)