General
-
Target
protocol.ps1
-
Size
638B
-
Sample
241122-f2229s1lfl
-
MD5
438bdde142d374368c77b97a7a1561c6
-
SHA1
de1663c0d3760ed9c012610a85e58d21d2af90ca
-
SHA256
47b71556865351eaf445aaba6a0c6fd53322d8294ea2da5be78d184ce746ff3f
-
SHA512
86663e3284b95dd235417fee177bbc9e519abd05ae7cc03eab34b814e34a82fb8cb30939ba4bfa357ea70644a9504248514d951736d6de591668d6136dac9fba
Static task
static1
Behavioral task
behavioral1
Sample
protocol.ps1
Resource
win7-20240903-en
Malware Config
Extracted
https://encryptedzip.oss-ap-southeast-1.aliyuncs.com/protocol.zip
Extracted
lumma
https://stopruthless.cyou/api
Targets
-
-
Target
protocol.ps1
-
Size
638B
-
MD5
438bdde142d374368c77b97a7a1561c6
-
SHA1
de1663c0d3760ed9c012610a85e58d21d2af90ca
-
SHA256
47b71556865351eaf445aaba6a0c6fd53322d8294ea2da5be78d184ce746ff3f
-
SHA512
86663e3284b95dd235417fee177bbc9e519abd05ae7cc03eab34b814e34a82fb8cb30939ba4bfa357ea70644a9504248514d951736d6de591668d6136dac9fba
-
Lumma family
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-