General
Target: S.zip
Size: 1.3MB
Sample: 241021-qffl9awhnr
MD5: 0a4e0b96cd41f0d2520e4e9ec1145ea9
SHA1: 405fca442cf88912259b0ebfe0de5d25bf0d0656
SHA256: 8982fb3f4b3d431e50e1a2ca17d46559bdcd1b5b8f07e06a6e42da39e8a8f845
SHA512: 56e00a764d51ddd23fe63f36b7925754f560ed3da0c3561457a0c959ea3a6da0fe29e3f774ef81ca73c6f90909f3c89252787710d2d08de5b0f676c9dd0c254c
SSDEEP: 24576:3iQXw/0nm118wnccmrPxMUwgiLw0iaM2qcrls/aMie:3vXwcmYwnccmTxMUP3J0QaMD
Static task: static1
Malware Config (extracted)
Family: lumma
C2 URLs:
- https://snailyeductyi.sbs
- https://ferrycheatyk.sbs
- https://deepymouthi.sbs
- https://wrigglesight.sbs
- https://captaitwik.sbs
- https://sidercotay.sbs
- https://heroicmint.sbs
- https://monstourtu.sbs
Targets
Target: Setup.exe (extracted from S.zip)
Size: 89.0MB (the 1.3MB archive expands to an 89.0MB executable; a ratio this high is consistent with the binary being padded with highly compressible filler so that it exceeds the size limits of many scanners)
MD5: 8ca3c0938fc208653ee70c07c97d0b2f
SHA1: 6c16c9f971bd63fa66729a22462379cbc966bdb4
SHA256: 81aa20dea213a7b44f10cb281b4dca82ddeb0237867a41e85a61ed39045c728f
SHA512: 2187aee691bcf9236fa19f919c6b21db7b94e87ae274094d3b693d822b26648c8d61aaab66bc67da0bc615384cb660dd09322a526535ab17f737e8f22a7de0ea
SSDEEP: 24576:V2hmfw/0pe1fawnocABP/Mmig45o4saM4+cL9E/GMiy:/fwc8cwnocAZ/Mmx1FM4GMf
Signatures (Setup.exe)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the sample may refuse to run in certain locales, so a sandbox with the wrong locale can produce a false negative).
- Executes dropped EXE
- Accesses cryptocurrency files/wallets: possible credential harvesting
- Enumerates processes with tasklist
- Suspicious use of SetThreadContext: this API is commonly used to redirect execution in another process during process hollowing or thread injection.
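The hashes and C2 domains above are the actionable IOCs from this report. The following script, added here as an example and not part of the original report, turns them into a small offline matcher: it flags DNS queries for any of the eight Lumma C2 domains (including subdomains) and maps SHA256 digests back to the sample names. The DNS log format and the sample log lines are constructed for illustration and are assumptions, as is the field layout of the log; the hashes and URLs are copied verbatim from the report.

```python
"""IOC matcher for the Lumma sample described in this report.

Added example, not part of the original report. The hashes and C2
domains are copied from the report; the DNS log format and the log
lines below are constructed for illustration (assumptions).
"""
import hashlib
import re
from urllib.parse import urlparse

# File hashes from the report (SHA256 -> sample name).
SHA256_IOCS = {
    "8982fb3f4b3d431e50e1a2ca17d46559bdcd1b5b8f07e06a6e42da39e8a8f845": "S.zip",
    "81aa20dea213a7b44f10cb281b4dca82ddeb0237867a41e85a61ed39045c728f": "Setup.exe",
}

# C2 URLs from the extracted Lumma config.
C2_URLS = [
    "https://snailyeductyi.sbs",
    "https://ferrycheatyk.sbs",
    "https://deepymouthi.sbs",
    "https://wrigglesight.sbs",
    "https://captaitwik.sbs",
    "https://sidercotay.sbs",
    "https://heroicmint.sbs",
    "https://monstourtu.sbs",
]

# Reduce the URLs to bare hostnames for DNS matching.
C2_DOMAINS = {urlparse(u).hostname for u in C2_URLS}


def normalize_domain(name: str) -> str:
    """Lower-case and strip a trailing dot so 'FOO.SBS.' matches 'foo.sbs'."""
    return name.strip().rstrip(".").lower()


def match_c2_domain(name: str):
    """Return the C2 domain matching `name` or any of its parent domains,
    so 'cdn.heroicmint.sbs' is caught as well as the apex. None if no match."""
    labels = normalize_domain(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in C2_DOMAINS:
            return candidate
    return None


# Constructed DNS log format (assumption): "<ts> client=<ip> query=<name> type=<rr>"
_DNS_LINE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<query>\S+)\s+type=(?P<rr>\S+)$"
)


def scan_dns_log(lines):
    """Return (timestamp, client, queried name, matched C2 domain) for every
    query that hits one of the report's C2 domains. Lines that do not parse
    are skipped rather than raising, because real logs are noisy."""
    hits = []
    for line in lines:
        m = _DNS_LINE.match(line.strip())
        if not m:
            continue
        hit = match_c2_domain(m["query"])
        if hit:
            hits.append((m["ts"], m["client"], normalize_domain(m["query"]), hit))
    return hits


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so an 89 MB sample does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def match_hashes(digests):
    """Map each SHA256 digest that appears in the report to its sample name
    (case-insensitive, since tools disagree on hex case)."""
    return {d.lower(): SHA256_IOCS[d.lower()] for d in digests if d.lower() in SHA256_IOCS}


# Constructed sample log: benign queries, one unparseable line, two C2 hits.
SAMPLE_DNS_LOG = [
    "2024-10-21T14:03:11Z client=10.0.0.5 query=update.example.com type=A",
    "2024-10-21T14:03:12Z client=10.0.0.5 query=snailyeductyi.sbs type=A",
    "2024-10-21T14:03:12Z client=10.0.0.5 query=ocsp.example.net type=A",
    "garbage line that does not parse",
    "2024-10-21T14:03:15Z client=10.0.0.7 query=cdn.heroicmint.sbs. type=AAAA",
]

if __name__ == "__main__":
    for ts, client, name, c2 in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} queried {name} -> matches C2 {c2}")
```

Matching on parent domains matters because stealer operators rotate hostnames under the same registered domain; the `.sbs` apex is the stable part of these IOCs. To check a file on disk against the report, call `match_hashes([sha256_file(path)])`.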