General
Target: GenuisStrapper.zip
Size: 3.1MB
Sample: 250630-y6cx2svmv7
MD5: 07772535433bfd50b105b99d93fbc47d
SHA1: 4c6e7fb165e26eed17198ca1a6431e910d7ca0e1
SHA256: 5f1bce02065e131ca65496baa84c6b9ae0f40a38911e8c3635ceef071ba6db35
SHA512: 62c24ac2313e127e7c59a11264c1eb30c1dc96da5daf23da777b6c3832f320d1e0bcbac9d52b10896758931422a549cb6533498f1bd6392cab93d27f2acd67e3
SSDEEP: 49152:1ItzIrR3oNgJr9ITxM73OXvj84hAc4SNIpgmCuT7iTc6i+Ghb9Smoj:Mzw+NgJraT2cvr4CIpDCuT7iTi+GRImw
Static task: static1
Behavioral task behavioral1: GenuisStrapper.zip (resource win10v2004-20250610-en)
Behavioral task behavioral2: GenuisStrapper.zip (resource win11-20250610-en)
Behavioral task behavioral3: CHEKME.txt (resource win10v2004-20250619-en)
Behavioral task behavioral4: CHEKME.txt (resource win11-20250619-en)
Behavioral task behavioral5: GenuisExploit.zip (resource win10v2004-20250502-en)
Behavioral task behavioral6: GenuisExploit.zip (resource win11-20250619-en)
Behavioral task behavioral7: GenuisExploit/Abtustrapper.exe (resource win10v2004-20250610-en)
Behavioral task behavioral8: GenuisExploit/Abtustrapper.exe (resource win11-20250610-en)
Behavioral task behavioral9: $TEMP/Tribe.cab (resource win10v2004-20250619-en)
Behavioral task behavioral10: $TEMP/Tribe.cab (resource win11-20250619-en)
Behavioral task behavioral11: GenuisExploit/Workspace/.tests/appendfile.txt (resource win10v2004-20250610-en)
Behavioral task behavioral12: GenuisExploit/Workspace/.tests/appendfile.txt (resource win11-20250619-en)
Behavioral task behavioral13: GenuisExploit/Workspace/.tests/getcustomasset.txt (resource win10v2004-20250619-en)
Behavioral task behavioral14: GenuisExploit/Workspace/.tests/getcustomasset.txt (resource win11-20250610-en)
Behavioral task behavioral15: GenuisExploit/Workspace/.tests/isfile.txt (resource win10v2004-20250610-en)
Behavioral task behavioral16: GenuisExploit/Workspace/.tests/isfile.txt (resource win11-20250619-en)
Behavioral task behavioral17: GenuisExploit/Workspace/373f5d42922fa6b5ac57adbb41b8015f-cache.js (resource win10v2004-20250610-en)
Behavioral task behavioral18: GenuisExploit/Workspace/373f5d42922fa6b5ac57adbb41b8015f-cache.js (resource win11-20250619-en)
Behavioral task behavioral19: GenuisExploit/runtimes/app.asar.unpacked/node_modules/btime/binding.dll (resource win10v2004-20250619-en)
Behavioral task behavioral20: GenuisExploit/runtimes/app.asar.unpacked/node_modules/btime/binding.dll (resource win11-20250619-en)
Behavioral task behavioral21: GenuisExploit/runtimes/app.asar.unpacked/node_modules/get-fonts/binding.dll (resource win10v2004-20250610-en)
Behavioral task behavioral22: GenuisExploit/runtimes/app.asar.unpacked/node_modules/get-fonts/binding.dll (resource win11-20250619-en)
Behavioral task behavioral23: GenuisExploit/runtimes/app.asar.unpacked/node_modules/vibrancy-win/binding.dll (resource win10v2004-20250610-en)
Behavioral task behavioral24: GenuisExploit/runtimes/app.asar.unpacked/node_modules/vibrancy-win/binding.dll (resource win11-20250619-en)
Malware Config
Extracted: lumma
build_id: 950a1284e85f7c6ca2b5599becbc8e052f6e718070c9afd114
Targets

Target: GenuisStrapper.zip
Size: 3.1MB
MD5: 07772535433bfd50b105b99d93fbc47d
SHA1: 4c6e7fb165e26eed17198ca1a6431e910d7ca0e1
SHA256: 5f1bce02065e131ca65496baa84c6b9ae0f40a38911e8c3635ceef071ba6db35
SHA512: 62c24ac2313e127e7c59a11264c1eb30c1dc96da5daf23da777b6c3832f320d1e0bcbac9d52b10896758931422a549cb6533498f1bd6392cab93d27f2acd67e3
SSDEEP: 49152:1ItzIrR3oNgJr9ITxM73OXvj84hAc4SNIpgmCuT7iTc6i+Ghb9Smoj:Mzw+NgJraT2cvr4CIpDCuT7iTi+GRImw
Score: 4/10

Target: CHEKME.txt
Size: 17B
MD5: 07b36e8d23a485d9014904e2a8c96ce4
SHA1: 05d761cb191ec27f05b80f4e84ad40274a219237
SHA256: b670cca2defb7c3402788738a331ee3841e6aa42720d5cefa401fe13fad0d192
SHA512: d7e225d581011dc97eb052ec86c3e0b12939aa632e68992224db2e664f37937b12d9278e5666dc5711c23360cfe6c7762b28044e1fe23e917a967a5e77cee039
Score: 3/10

Target: GenuisExploit.zip
Size: 3.1MB
MD5: d4c9204e5d263e7aeeb5d40cd96e1b6d
SHA1: 277366379dcc0cd6979c6252994fe64246e870cf
SHA256: 8bf97221c08fad1ffe276796ff3defada1846fe21f696966cdb4ee1ce3c60e71
SHA512: a2e5226adb60235965a12ab62b588abacd13cfcec169094ac9e1af7857f64c35f5b3e4a2c0aea23402aaf7644f063c2b4c4cf2f3ea570c0e89b4f909b809bf1e
SSDEEP: 98304:vZq2HR1yqkatUpNEKdrCXJaDV5Iy+SLJjc9:Bqw3Vtax4JS0oLJ49
Score: 1/10

Target: GenuisExploit/Abtustrapper.exe
Size: 1.1MB
MD5: 1589ba86a73986914ec4443817b2b25b
SHA1: bf29b7e6e39b0fac33d7c65e661a028a78db5162
SHA256: 21fe970ad6ad795b819f725f0218bf7133ff825d46f0af1f983ecedd8d247862
SHA512: cffdc4d6001069cf9f2e7f1d95ead74a18049efbb8af592d88b184bbffca2063e3cffa600435807d53badf0d47a54363f901e78ba90890c73cdaf826ccf1629a
SSDEEP: 24576:b0ab70+TxTLTxmENdFvZ8pDjxcHNiarRlqFh9Clcjde+h5OYOp:bzdpdxmpDjxcH4arDqAcjde++p
- Lumma family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates processes with tasklist

Target: $TEMP/Tribe.wmv
Size: 478KB
MD5: cb5545f27aec46a5edc7124012250698
SHA1: 6cc37dd6cac23341041853c948fc87acd22dc1b7
SHA256: e8720225949809ead8e431083ce56bf84ec022138341a9298897e6bfa92773bd
SHA512: 92b34eecc4babd18f2dbadac08ede279fa2040b7d9568793b6ae0fdfd73b0529fce3024fbef76f39b174d22b11e70db59ee6d705d681c40db4fcd32a770ef3f7
SSDEEP: 12288:Oi2M1p2ocotcw27hTMAv42pls8jNfFg8i2GJOO49yOGaFEhb:Oi28cotcw2FTMS4Mlxj1F5w5OGaE
Score: 1/10

Target: GenuisExploit/Workspace/.tests/appendfile.txt
Size: 7B
MD5: 260ca9dd8a4577fc00b7bd5810298076
SHA1: 53a5687cb26dc41f2ab4033e97e13adefd3740d6
SHA256: aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
SHA512: 51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score: 3/10

Target: GenuisExploit/Workspace/.tests/getcustomasset.txt
Size: 7B
MD5: 260ca9dd8a4577fc00b7bd5810298076
SHA1: 53a5687cb26dc41f2ab4033e97e13adefd3740d6
SHA256: aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
SHA512: 51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score: 3/10

Target: GenuisExploit/Workspace/.tests/isfile.txt
Size: 7B
MD5: 260ca9dd8a4577fc00b7bd5810298076
SHA1: 53a5687cb26dc41f2ab4033e97e13adefd3740d6
SHA256: aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
SHA512: 51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7
Score: 3/10

Target: GenuisExploit/Workspace/373f5d42922fa6b5ac57adbb41b8015f-cache.lua
Size: 327KB
MD5: 3cf835cb8c9c25b2debfd164f3b5acab
SHA1: 973c8195b710079e72cf4f0c9e819f9434b85900
SHA256: d10aa3cabff1a991014244e4349f77730bbf1c6e6ac16b0411dca5c4d4efa4ae
SHA512: 0089a54f08fe6c211984610de8489c2a899b1f74ed806c25c69a80736fd14dfa617b47cd3ee954f9c27b9b70ce262c2e7729fec800d4b7546b4950df3a1ba0bf
SSDEEP: 6144:IU0todyyPGaBeAUZIhrYckgZO1et/rrxpAzSefTE59JtzZNqy/:IUuo0y9TUGh8vQYO/rdiVe7p
Score: 3/10

Target: GenuisExploit/runtimes/app.asar.unpacked/node_modules/btime/binding.node
Size: 118KB
MD5: 13a2579ed95366185a6247c9e4b9f0cc
SHA1: 61fef12da622484e44b3c9ddcd61706c9af00aa0
SHA256: 98c51303c38dc03faeeba13f26fa3c6645d0c1a502b8a5d28177ce015dacf35f
SHA512: 7aae5a45f5333355c81e4a7468d40c9d814a1b242c99a39747fea9b66e277dd1060bda290fc980e958beccab2ac0232fc4aba078426ac5ae39c19968ae8f58d0
SSDEEP: 1536:OMwHUFyUCyB7KdX2teZOpSPtvdO+tYLZI2mAq+J6sWyd09dlgh7tBrdO6t2:hwjUCyB7eC8OpSS+tYLZI5+NMKFdO6t
Score: 1/10

Target: GenuisExploit/runtimes/app.asar.unpacked/node_modules/get-fonts/binding.node
Size: 125KB
MD5: eeb1d1ea9fc3f870f292161cfa79850d
SHA1: ea4f4324245f9f4d6280ef285151f688221d6023
SHA256: 149bc3824ecbf68f7a892a311e77548ea156963b88db0590063b50725c9d883c
SHA512: 795269fba2737ca51d61bb0f6e674c8ed45f2590a48d1dbc53adae9a85b5565e372de6e2a888f038660173f6f4fe0ecda293c441415296e79097c261c452f254
SSDEEP: 3072:cd5+N3E2MosoJCakr0dHPAMMMtrAfz9MrRAG:yIxMQQakr0xPSfzirqG
Score: 1/10

Target: GenuisExploit/runtimes/app.asar.unpacked/node_modules/vibrancy-win/binding.node
Size: 118KB
MD5: 6c12c930f974e5bc7872b58964f42359
SHA1: 805c5c899c32535d2ee8b2bc12deefe5fdaae566
SHA256: 094bfeb0692885f1e56bb363e1065099eab48a7988c8603fd6a3fb49ec88b09c
SHA512: f46c416e3f33e0526c2d4cb3df738f7c9b11fece350b90ca9613e5d86bae7a363dd20b80d62f5745a9d51773b655199537b09fcf47acf226f35002f39f1596d3
SSDEEP: 3072:/WKjx2yp1tLqA1HB4kdeRqGmX5EMMi6leGS:3xBPVf1HB4kER4UFhS
Score: 1/10
MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores: Credentials from Web Browsers
- Unsecured Credentials: Credentials In Files