General
-
Target
aaaa.ps1
-
Size
451B
-
Sample
241122-f1jvas1ldm
-
MD5
9a6ccc9afb164bff29d969bb8e6b5624
-
SHA1
79e602dee0b7a411e5db13739b43fae1ac2c0dd3
-
SHA256
b9f126c04bb56be08519685eb906a650027fc68931015b7202e09373766155ea
-
SHA512
03faa5b073947f90fbba90f2292537442dc91b89c9778c3cc4ee81c5e7cc5b662558c6b30284f7fbc16ea8af7ec80ea6990b4f22f5f5620037a76789fbde11b6
Static task
static1
Behavioral task
behavioral1
Sample
aaaa.ps1
Resource
win7-20240903-en
Malware Config
Extracted
https://bot-check-zip.b-cdn.net/file222.zip
Extracted
lumma
https://stopruthless.cyou/api
Targets
-
-
Target
aaaa.ps1
-
Size
451B
-
MD5
9a6ccc9afb164bff29d969bb8e6b5624
-
SHA1
79e602dee0b7a411e5db13739b43fae1ac2c0dd3
-
SHA256
b9f126c04bb56be08519685eb906a650027fc68931015b7202e09373766155ea
-
SHA512
03faa5b073947f90fbba90f2292537442dc91b89c9778c3cc4ee81c5e7cc5b662558c6b30284f7fbc16ea8af7ec80ea6990b4f22f5f5620037a76789fbde11b6
-
Lumma family
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-