General
-
Target
2a304826f36a9edb28ae07a7da5479f58c0599ef95113467c3cbd5727407aa1e.exe
-
Size
293KB
-
Sample
250120-cl5xfawqep
-
MD5
67b572b8fed9bb8e91b26c6bd9fec2a3
-
SHA1
91dd3124155f24c31ba86c6ccd3a13b4d6f6ddab
-
SHA256
2a304826f36a9edb28ae07a7da5479f58c0599ef95113467c3cbd5727407aa1e
-
SHA512
6f7edc4c8438b5730cc2b118160266423cba857d9ca8ed0bb16bee40fc84f2e8a1f98b028e50ffaa4f8a3bf67c33da9abcd932bdc2d001b665ef030880f61357
-
SSDEEP
6144:6bs68FnNynbfZoOzbEWGSHVXWC8lCk1SHM70v9:6bs6anNi3bEWGSHdWCvFM70v9
Static task
static1
Behavioral task
behavioral1
Sample
2a304826f36a9edb28ae07a7da5479f58c0599ef95113467c3cbd5727407aa1e.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
https://pillowbrocccolipe.shop/api
https://communicationgenerwo.shop/api
https://diskretainvigorousiw.shop/api
https://affordcharmcropwo.shop/api
https://dismissalcylinderhostw.shop/api
https://enthusiasimtitleow.shop/api
https://worryfillvolcawoi.shop/api
https://cleartotalfisherwo.shop/api
Extracted
xworm
5.0
127.0.0.1:18194
soon-logical.gl.at.ply.gg:18194
APoxCrOmNOvTLB4L
-
Install_directory
%Userprofile%
-
install_file
chrome.exe
Targets
-
-
Target
2a304826f36a9edb28ae07a7da5479f58c0599ef95113467c3cbd5727407aa1e.exe
-
Size
293KB
-
MD5
67b572b8fed9bb8e91b26c6bd9fec2a3
-
SHA1
91dd3124155f24c31ba86c6ccd3a13b4d6f6ddab
-
SHA256
2a304826f36a9edb28ae07a7da5479f58c0599ef95113467c3cbd5727407aa1e
-
SHA512
6f7edc4c8438b5730cc2b118160266423cba857d9ca8ed0bb16bee40fc84f2e8a1f98b028e50ffaa4f8a3bf67c33da9abcd932bdc2d001b665ef030880f61357
-
SSDEEP
6144:6bs68FnNynbfZoOzbEWGSHVXWC8lCk1SHM70v9:6bs6anNi3bEWGSHdWCvFM70v9
-
Detect Xworm Payload
-
Lumma family
-
Xworm family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-