General
- Target: AccessoryLiberty.zip
- Size: 966KB
- Sample: 241113-ybsp1s1pdk
- MD5: bdccffd702a8417f5f5e86492a0f24ba
- SHA1: 673c983f32fef0c4f57fe8670781170663dc4476
- SHA256: b80c11df84d7873d503f4961a305ffe8ea74ce65d411273183939d3c446cb5f8
- SHA512: f88a46919a97e8c49a91fc7cea19c1996ce50ecdf47552a013b94dddd416f9bf03d0d185b6daabbb13b7b916842fa6815ddbd14b6c74b38068e287bcc0c83a0a
- SSDEEP: 24576:irqKBXs5cH4qgGinO0Gf4EfLsBJnhU7DMOR8pPqU127c3WX:MXs5Tq0M4EfYBNh2t85q447
Static task: static1

Behavioral task: behavioral1
- Sample: AccessoryLiberty.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: AccessoryLiberty.exe
- Resource: win10v2004-20241007-en
Malware Config
- Extracted: lumma
  - https://toleratedbaybo.cyou/api
- Extracted:
  - https://mindfusteps.shop/minz/m4nd.zip
  - https://mindfusteps.shop/minz/m2nd.zip
  - https://mindfusteps.shop/minz/m3nd.zip
  - https://mindfusteps.shop/minz/m1nd.zip
  - https://mindfusteps.shop/mind/
Targets
- Target: AccessoryLiberty.exe
- Size: 996KB
- MD5: e408e6a925110492f93cdfda48ca74eb
- SHA1: 27e2eeeac0621d1939dd3e5e176b9544e4397689
- SHA256: 4b64a85c1eaed8608e1f6162f6f643ee0e44017eb4564ce7bad41ed3bcf30342
- SHA512: 7757f8ab7509bed46052fac8a8f114bddb78882154a01d4d66fbf577099bebde56d4bb9d8a6cad764bd55fc1b781fc116ba11b6e50e56a330ca4aea381bf787b
- SSDEEP: 24576:XNgeBRs58xWqeGmjeAG/4Cf1ObNnhU/vMw/qvDqg1UFebT:fRs53qCy4Cf0bRhgtq7q8uU
Score: 10/10

- Lumma family
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates processes with tasklist
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (2)
    - Credentials In Files (2)