General
Target: 7loader.7z
Size: 7KB
Sample: 241120-gdrgasskd1
MD5: 4587bf3746a5674a1797ea7fe50d0893
SHA1: ea740da047d03d09b69417f6453d953392efc749
SHA256: 2bb2c59d97f7aa971f1fcd7518fcf4331550029765b0943f84d32d5eec603760
SHA512: ef589aa9da32570e7c144aa56e283b67705b242bff2c846ae7a443185ad33153bf7024df2eeee17659a5cd8aadd04271e46d3afc792586c29e37448c08666b9f
SSDEEP: 192:3l6hiBbdX0HxDL1zGP6uIefpImEXf6QKzntNFA:168BRX0HxDLJHuI0pIszXy
Static task: static1
Behavioral task: behavioral1
  Sample: 1/7loader.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 1/7loader.exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: 2/7loader.exe
  Resource: win7-20240903-en
Malware Config
Extracted family: lumma
C2 URL: https://a1m0sph3reds.cyou/api
Targets
Target: 1/7loader.exe.vir
Size: 44KB
MD5: 2d538ba85d41c6a385e872201429380a
SHA1: aab6d07ea5390836a54b12c6836eb1106d7e9a44
SHA256: 9c45ca71fda5862789cd866127e766b941de1f690b91144c1d4c1d967d1dc050
SHA512: 76bc7b5b0a45147b23bac99bd7fc986c8bd407291cddffa9edf25ff88d9e8334221a48d9ab62c9bf37ab9eb7375b4ec4d2729ddeac7209c499e104f878168451
SSDEEP: 384:V0KxGphJ6zC2eEF/dHoCkX73hDsSfkksLxG5wrNv+a2VSDSaVrr:+6zCY/+X7kpG5wrNGa2VSDSal
- Lumma family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext

Target: 2/7loader.exe.vir
Size: 21KB
MD5: 489d2bb73c3c5b44e0f315b2ce9381b3
SHA1: 4b08586aee68bee50c1f5aaadf1afafe30743b48
SHA256: 849ae339eb4480f2f3187b50c1413e187bed698b2a196e515eb219244e2e8dd8
SHA512: 1eec009178f92f3d4cd6813aa17a6a55c1ddb174811cca662f709e45a23ccc5ce847238f442aa1bca7edc2e4c9865fb0f32781df5d7d7f8ca9c78190c025fdec
SSDEEP: 384:V0KxGphJ6zC2eEF/dHoCkX73hDsSfkksLxG5wrNv+a2VSDSaVrr:+6zCY/+X7kpG5wrNGa2VSDSal
- Lumma family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
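The signature list for both targets describes the same four host-observable behaviors: Defender exclusions added through PowerShell, a registry lookup of the configured country, a dropped and executed PE, and C2 traffic to the extracted Lumma URL. The following host-triage script is an added example written for this page; it is not part of the sandbox report and not code from the sample. It uses only the report's SHA256 values and C2 hostname as indicators. The drop directories searched, the 24-hour lookback window, and the specific registry key read for the country code (HKCU\Control Panel\International\Geo, which the report does not name) are assumptions for illustration. Run it elevated in PowerShell on a Windows host suspected of having executed 7loader.exe.

```powershell
# Added host-triage script for the Lumma loader behaviors listed in the report.
# Not from the original report or the sample. Hashes and C2 host are taken
# from the report; paths, the time window and the Geo registry key are assumed.
#Requires -RunAsAdministrator

$IocSha256 = @(
    '9c45ca71fda5862789cd866127e766b941de1f690b91144c1d4c1d967d1dc050',  # 1/7loader.exe.vir
    '849ae339eb4480f2f3187b50c1413e187bed698b2a196e515eb219244e2e8dd8'   # 2/7loader.exe.vir
)
$C2Host = 'a1m0sph3reds.cyou'
$since  = (Get-Date).AddHours(-24)   # assumed lookback window

# 1. Defender exclusions. The report's signature is PowerShell adding
#    exclusions for extensions, paths and processes (Add-MpPreference writes
#    exactly these three lists). A clean workstation normally has none.
$mp = Get-MpPreference
$exclusions = [ordered]@{
    Path      = $mp.ExclusionPath
    Extension = $mp.ExclusionExtension
    Process   = $mp.ExclusionProcess
}
foreach ($kind in $exclusions.Keys) {
    foreach ($e in $exclusions[$kind]) {
        if ($e) { Write-Warning "Defender $kind exclusion present: $e" }
    }
}

# 2. Defender operational log, event 5007 = configuration changed. Each
#    exclusion written through the MpPreference cmdlets produces one, with the
#    Exclusions registry path in the message, so this survives later cleanup
#    of the exclusion itself.
try {
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = $since
    } -ErrorAction Stop |
        Where-Object { $_.Message -match 'Exclusions' } |
        ForEach-Object {
            Write-Warning ("Defender config change {0}: {1}" -f $_.TimeCreated, ($_.Message -split "`n")[0])
        }
} catch {
    Write-Verbose "No matching Defender 5007 events in window: $_"
}

# 3. Geofence input. The loader reads the configured country from the
#    registry; the key below is the usual location (assumed, the report does
#    not name it). Recording it tells the analyst whether this host was
#    inside the region the payload stage would run in.
$geo = Get-ItemProperty 'HKCU:\Control Panel\International\Geo'
"Configured GeoID (Nation): $($geo.Nation)  ISO name: $($geo.Name)"

# 4. Dropped executables. Hash recently written EXEs in common drop
#    locations (assumed list) against the report's SHA256 values.
$dropDirs = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData, "$env:USERPROFILE\Downloads")
Get-ChildItem -Path $dropDirs -Recurse -File -Include *.exe -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $since } |
    ForEach-Object {
        $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
        if ($IocSha256 -contains $h) { Write-Warning "IOC SHA256 match: $($_.FullName)" }
    }

# 5. C2 contact. The DNS client cache outlives the loader process, so a
#    resolution of the extracted C2 host is evidence the config stage ran.
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -like "*$C2Host*" -or $_.RecordName -like "*$C2Host*" } |
    ForEach-Object { Write-Warning "DNS cache entry for C2 host: $($_.Entry) -> $($_.Data)" }
```

Step 2 is the most durable of the checks: an operator who removes the exclusion again still leaves the 5007 event behind, whereas steps 1, 4 and 5 only show current state. A negative result on step 3 (a country the loader would skip) explains why a host may have contacted the C2 URL yet dropped no second-stage PE.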