General
Target: #Set-Uρ__9571--P𝐚SS̤̊w0rD̼S!!# (9571).zip
Size: 5.7MB
Sample: 241113-zgjjzayjay
MD5: ed1ba2d2ef2defc75f970cd53224d9f6
SHA1: 062438459a1989bcfffa3779cf6451aaf107743e
SHA256: e3f091c26b500cc71b761c4608a7d466cacf75d0a9d982c2fefa539bb2b96362
SHA512: 765c5285e89771c91e31612dbe8102b15b7af5bee18198b92bb1b6c58d968de7c6204107fa819dd098e6b2fc2d86f9e1bf811ae12226311c0af5e23d6481eca1
SSDEEP: 98304:HH4e2PdHzJmI6Velw3O8IaGQaT9RPDaFUpfpYEM1tAzAAg2q1BDWfm41A6bvdOgH:4eudQI6VelmEqav7aF4M1uYye41A6rhH
Static task: static1
Behavioral task: behavioral1
Sample: !Set-𝙐p_9571--PaṨ𝚂𝚆0rᎠ𝒮S#.rar
Resource: win11-20241007-en
Malware Config
Extracted:
- https://mindfusteps.shop/minz/m4nd.zip
- https://mindfusteps.shop/minz/m2nd.zip
- https://mindfusteps.shop/minz/m3nd.zip
- https://mindfusteps.shop/minz/m1nd.zip
- https://mindfusteps.shop/mind/
Extracted (lumma):
- https://pixelstory.shop/api
Targets
Target: !Set-𝙐p_9571--PaṨ𝚂𝚆0rᎠ𝒮S#.rar
Size: 5.7MB
MD5: 187384d2980886e47bc6b18868b5b843
SHA1: fc8d27ebe873ddd351da0a23ff4a9dbfb3da1b60
SHA256: b98af4a6a58a4a1baed6fa1e649ae3a54e686e4ab4d792d94eb0cce77bed25ff
SHA512: cdf5640dea2e8a92508fdee3fffb3443aa4570756fd02e51d9335443851015f93635d4193971ca113d28e104ab227626d72b499a0cd1ad5d326c9e54548efae9
SSDEEP: 98304:1H4e2PdHzJmI6Velw3O8IaGQaT9RPDaFUpfpYEM1tAzAAg2q1BDWfm41A6bvdOgp:ieudQI6VelmEqav7aF4M1uYye41A6rhp
Score: 10/10
- Lumma family
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext