General
Target: Screenshot 2024-10-13 143749.png
Size: 64KB
Sample: 241016-tkx9msycle
MD5: 95d5aa54faf76aa9aca139303ebc2e43
SHA1: 76f8da4301ffa7c22d75c0dc7a0c81de4b01d29e
SHA256: ac699bf7c5b7dd3fc7bbfc54001efcef55113f2bb6963017ea0d6181e197d938
SHA512: 13b2d3b9d94ef5aa31940c600d73949aa06b106e26e7fe4559c7f8a234d152e642a3ee61fba4d524699f6f4de75abc109a35f7849f2918bcb97cf906fa509cf7
SSDEEP: 768:8vEAUAJkpKz6zi3Q+KygRlK9NCeXb+O7NQ8NMVPfOR1FOMAwYasPXYXh7B/dKzcl:8vEa2W6PZ/RK56GNlyPfEFdJBN/4zc6A
Static task: static1
Behavioral task: behavioral1
Sample: Screenshot 2024-10-13 143749.png
Resource: win10v2004-20241007-en
Malware Config
Extracted: lumma
https://conceptionnyi.sbs
https://platformcati.sbs
https://nervepianoyo.sbs
https://qualifielgalt.sbs
https://smashygally.sbs
https://fightyglobo.sbs
https://modellydivi.sbs
https://pioneeruyj.sbs
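The digests above and the URLs pulled from the extracted Lumma configuration are the report's actionable indicators. As an added example that is not part of the sandbox report, the Python below verifies a suspect file against the reported digests (all four algorithms, so a single disagreeing value stands out as a typo or a tampered report rather than a near miss) and matches hostnames from DNS or proxy logs against the config domains, including subdomains but not look-alike names. The sample observations at the bottom are constructed.

```python
"""IOC checks derived from the sandbox report: verify a suspect file against
the reported digests and match observed hostnames against the URLs in the
extracted Lumma config. Added example, not part of the report."""
import hashlib
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlparse

# Digests of the analysed sample, copied from the report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "95d5aa54faf76aa9aca139303ebc2e43",
    "sha1": "76f8da4301ffa7c22d75c0dc7a0c81de4b01d29e",
    "sha256": "ac699bf7c5b7dd3fc7bbfc54001efcef55113f2bb6963017ea0d6181e197d938",
    "sha512": "13b2d3b9d94ef5aa31940c600d73949aa06b106e26e7fe4559c7f8a234d152e642a3ee61fba4d524699f6f4de75abc109a35f7849f2918bcb97cf906fa509cf7",
}

# URLs from the extracted Lumma config (the report's Malware Config section).
LUMMA_C2_URLS: List[str] = [
    "https://conceptionnyi.sbs",
    "https://platformcati.sbs",
    "https://nervepianoyo.sbs",
    "https://qualifielgalt.sbs",
    "https://smashygally.sbs",
    "https://fightyglobo.sbs",
    "https://modellydivi.sbs",
    "https://pioneeruyj.sbs",
]
C2_DOMAINS = {urlparse(u).hostname for u in LUMMA_C2_URLS}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest type the report lists for the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def verify_hashes(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """True per algorithm where the data matches the reported digest."""
    actual = hash_bytes(data)
    return {name: actual[name] == digest.lower() for name, digest in expected.items()}


def host_of(observation: str) -> Optional[str]:
    """Lowercase hostname from a URL or a bare hostname (e.g. a DNS/proxy log field)."""
    obs = observation.strip()
    if "://" in obs:
        return urlparse(obs).hostname  # urlparse already lowercases the host
    return obs.lower().rstrip(".") or None


def is_c2_host(host: str) -> bool:
    """Exact match or subdomain of a config domain; 'notsmashygally.sbs' must not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def match_c2(observations: Iterable[str]) -> List[str]:
    """Return the observations whose host is one of the Lumma config domains."""
    return [o for o in observations if (h := host_of(o)) and is_c2_host(h)]


# Constructed sample observations (DNS/proxy log hostnames), not from the report.
SAMPLE_OBSERVATIONS = [
    "conceptionnyi.sbs",
    "cdn.smashygally.sbs",
    "https://platformcati.sbs/api",
    "www.microsoft.com",
    "notsmashygally.sbs",
]

if __name__ == "__main__":
    for hit in match_c2(SAMPLE_OBSERVATIONS):
        print("C2 match:", hit)
    print(verify_hashes(b"constructed bytes, not the sample"))
```

To check a real file, read it in binary mode and pass the bytes to `verify_hashes`; feed `match_c2` the hostname column of a DNS or proxy log. The subdomain rule is deliberate: Lumma configs list bare domains, and the hosts actually contacted may sit under them.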
Targets
Target: Screenshot 2024-10-13 143749.png
Size: 64KB
MD5: 95d5aa54faf76aa9aca139303ebc2e43
SHA1: 76f8da4301ffa7c22d75c0dc7a0c81de4b01d29e
SHA256: ac699bf7c5b7dd3fc7bbfc54001efcef55113f2bb6963017ea0d6181e197d938
SHA512: 13b2d3b9d94ef5aa31940c600d73949aa06b106e26e7fe4559c7f8a234d152e642a3ee61fba4d524699f6f4de75abc109a35f7849f2918bcb97cf906fa509cf7
SSDEEP: 768:8vEAUAJkpKz6zi3Q+KygRlK9NCeXb+O7NQ8NMVPfOR1FOMAwYasPXYXh7B/dKzcl:8vEa2W6PZ/RK56GNlyPfEFdJBN/4zc6A
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Executes dropped EXE
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies WinLogon
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext
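Three of these signatures (Disables Task Manager via registry modification, Modifies WinLogon, Sets desktop wallpaper using registry) leave traces a responder can check on a suspect host from a registry export without running anything from the sample. As an added example that is not part of the report, the Python below parses a minimal .reg export and flags those traces. The report names only the behaviours, not the values the sample wrote, so the key paths (Policies\System, Winlogon, Control Panel\Desktop) and the stock Winlogon Shell/Userinit defaults are the standard Windows locations assumed here; the export text at the bottom is constructed.

```python
"""Registry triage for the behaviours the sandbox flagged: Task Manager disabled
by policy, Winlogon modified, wallpaper set. Parses a .reg export so it runs
offline against evidence collected from a suspect host. Added example, not part
of the report; key paths and defaults are the standard Windows ones (assumed)."""
from typing import Dict, List, Tuple

RegKeys = Dict[str, Dict[str, object]]

# Well-known key locations (lowercased suffixes matched against the export).
POLICY_SYSTEM = r"\microsoft\windows\currentversion\policies\system"
WINLOGON = r"\microsoft\windows nt\currentversion\winlogon"
DESKTOP = r"\control panel\desktop"
# Stock Windows 10 Winlogon values; Userinit is compared with its trailing comma stripped.
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}


def parse_reg(text: str) -> RegKeys:
    """Minimal .reg parser: [key] headers, "name"="string", "name"=dword:hex, @ default.
    Value names are lowercased because the registry treats them case-insensitively."""
    keys: RegKeys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name_part, _, val_part = line.partition("=")
        name = "(default)" if name_part == "@" else name_part.strip('"').lower()
        if val_part.startswith("dword:"):
            value: object = int(val_part[len("dword:"):], 16)
        elif len(val_part) >= 2 and val_part.startswith('"') and val_part.endswith('"'):
            # .reg escapes backslash and double quote inside string values.
            value = val_part[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        else:
            value = val_part  # hex:, hex(2): and other types kept raw
        keys[current][name] = value
    return keys


def triage(keys: RegKeys) -> List[Tuple[str, str, str]]:
    """Return (severity, key, finding) tuples for the report's registry behaviours."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        if low.endswith(POLICY_SYSTEM):
            if values.get("disabletaskmgr") not in (None, 0):
                findings.append(("high", path, "DisableTaskMgr set: Task Manager disabled by policy"))
        elif low.endswith(WINLOGON):
            for name, default in WINLOGON_DEFAULTS.items():
                v = values.get(name)
                if isinstance(v, str) and v.strip().rstrip(",").lower() != default:
                    findings.append(("high", path, f"Winlogon {name} changed to {v!r}"))
        elif low.endswith(DESKTOP) and "wallpaper" in values:
            # Not malicious by itself; recorded because the report flags the behaviour.
            findings.append(("info", path, f"Wallpaper set to {values['wallpaper']!r}"))
    return findings


def load_reg(path: str) -> RegKeys:
    """reg.exe and regedit export UTF-16LE with a BOM; fall back to UTF-8 for hand-made files."""
    try:
        with open(path, encoding="utf-16") as f:
            return parse_reg(f.read())
    except UnicodeError:
        with open(path, encoding="utf-8-sig") as f:
            return parse_reg(f.read())


# Constructed export, not evidence from the sample.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\update.exe,"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\Users\\Public\\wall.bmp"

[HKEY_CURRENT_USER\Software\Example\Unrelated]
"Foo"="bar"
'''

if __name__ == "__main__":
    for severity, key, finding in triage(parse_reg(SAMPLE_REG)):
        print(f"[{severity}] {key}: {finding}")
```

Collect the export on the host with `reg export HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon winlogon.reg` (and the HKCU Policies\System and Control Panel\Desktop keys the same way), then pass the file to `load_reg`. An appended Userinit entry is the classic persistence pattern: the legitimate userinit.exe still runs, so the login looks normal while the extra executable starts with the session.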