General
- Target: BBYe#SM0WhOb.zip
- Size: 1.5MB
- Sample: 250119-tqj9zavqb1
- MD5: 77165621a4479597106e6d17565a2388
- SHA1: 3dc5ecf8051171845921e60dfa4bc6596c17744d
- SHA256: 2579410e9f316e3eb80181813f87edab1b80724845b9c4fe3c3f2b065720d10b
- SHA512: 1e045d4850899be53f760d87a715b13052c3cb4f8695ba4fc6badb2440039a1d938cd16c7e77ee9675309058dc7c53a07b0f7e070537d419c925c7e044d91e32
- SSDEEP: 24576:UihgaXbgTUxnuYDtobOqlxlAfE/9kneR8bFg/BW1pwqABdyg0z0W7:lgaLgwJtYl48Vket/UHwXyg0V7
Static task: static1
Behavioral task: behavioral1
Sample: Bootstrapper/Bootstrapper.exe
Resource: win7-20240903-en
Malware Config
Extracted
lumma
https://deedcompetlk.cyou/api
Targets
- Target: Bootstrapper/Bootstrapper.exe
- Size: 120.0MB
- MD5: 6a4e34aa83f72c212e76e1c228af6666
- SHA1: bff7c730078f0ccf5aa00c52ec0cc2fe38bd1f56
- SHA256: 828b3c4a8e2c1eddc6bc54c1928ec562a9d4254f84a5545fa83d23419686240c
- SHA512: 37f0d3ad8017357164aaed7664ce628491d5215c686fc798698db6d6b0f15705052dd6a10d39e8b5c98c6ba62e0f0eb451d581e3ecff530bd96cd4fb80998cfc
- SSDEEP: 24576:utnbbEhDUbdE6bLdFiClougeEqsseyHCIAtcVZ0EIrGFTb7Tb7j:MEs/PdlhgPqsseyQtxE/Fr
- Lumma family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist