General
Target: cincinati.zip
Size: 982KB
Sample: 241119-marksatphv
MD5: 4b1eee4ab5a46f1215f7397a650e385f
SHA1: 93104208b9a3e25900e2c6489c398ec1ae07db56
SHA256: 3d36c412f3e9bd9983629b45cc34dc5ac1d48cec7232a3d8ace19ae1181f7649
SHA512: c25c93642125540ac105932fe813243357df50d48cea289effa259a3e7cc2b272e3674c3119ae075412d214ca71b05d9e9414d0a6d50d033364bbf2258d07bb3
SSDEEP: 24576:toTUYr0y8REypuQNALZmH5H81Dn81bQ1Sy:t4USz8REyc3LZmZKn91V
Static task: static1

Behavioral task: behavioral1
  Sample: cincinati.zip
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: cincinati.zip
  Resource: win10v2004-20241007-en

Behavioral task: behavioral3
  Sample: RomanticCopyright.exe
  Resource: win7-20240903-en
Malware Config
Extracted: lumma
C2 URLs:
- https://processhol.sbs/api
- https://p10tgrace.sbs/api
- https://peepburry828.sbs/api
- https://3xp3cts1aim.sbs/api
- https://p3ar11fter.sbs/api
Targets

Target: cincinati.zip
Size: 982KB
Signatures:
- Lumma family
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
Target: RomanticCopyright.exe
Size: 10.0MB
MD5: a737e94c53a284ae8c712eb7b2a2d209
SHA1: a5d4113415f38413b5bcc2698e4aaf573cf8217c
SHA256: 677b2f7ea578826adb9c0f359c6436c364f712803080b38d81ecc1f25e5b97f5
SHA512: ab87ef25549d4860269015d279aaf90a35bfd4c26457271a84cacf64c0a0c97d0e4c435136fb9defd2c64307d1bc1e9596ee278c868e101f6a2c657f87bd80b6
SSDEEP: 24576:AoN7JofAGrqyy7IyDCaNg9L+HlH8Zlna1bQ1SD:nBJ+AEty7IyOD9L+FUnv1I
Signatures:
- Lumma family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist