General
Target: β§ ππ£π¨π©ππ‘π‘ β§ πππππ β§ πππΏπΌππ β§ πππ.7z
Size: 22.8MB
Sample: 250704-vkeyqswwgs
MD5: 8018b50f06484390df01cd01b6a29993
SHA1: 586967e2f4127b4e3eb8cf8d5977c9380f74b53f
SHA256: 3c6348cfde0c2a86888faae3edff794add3b141e5f51265e995c5940e3fb6239
SHA512: a8307f9cc0cdf47f4a9453a842aea8c05468444e7997ccc85660941c86eb3985e636e9ef8ce86eb917fad39bb2cebe616572c471e2baca2c6ba40dae9337f943
SSDEEP: 393216:PZV5l4RMrfwNdFfUZQrsR3x7pdDqWKHYBR/P/8RFAERp5+2N:TrqdF8Us5x7ZBFP/8RfROy
Static task: static1
Behavioral task: behavioral1
  Sample: β§ ππ£π¨π©ππ‘π‘ β§ πππππ β§ πππΏπΌππ β§ πππ.7z
  Resource: win10v2004-20250619-en
Behavioral task: behavioral2
  Sample: β§ ππ£π¨π©ππ‘π‘ β§ πππππ β§ πππΏπΌππ β§ πππ.7z
  Resource: win11-20250502-en
Malware Config
Extracted: lumma
https://t.me/sadwq223123asdsad
https://giyewf.shop/gbtw
https://ycvduc.xyz/trie
https://nbcsfar.xyz/tpxz
https://cbakk.xyz/ajng
https://trsuv.xyz/gait
https://sqgzl.xyz/taoa
https://cexpxg.xyz/airq
https://urarfx.xyz/twox
https://liaxn.xyz/nbzh
build_id: 87d6d96b7dff409b5339f2d55997fc666193
Targets
Target: β§ ππ£π¨π©ππ‘π‘ β§ πππππ β§ πππΏπΌππ β§ πππ.7z
Size: 22.8MB
MD5: 8018b50f06484390df01cd01b6a29993
SHA1: 586967e2f4127b4e3eb8cf8d5977c9380f74b53f
SHA256: 3c6348cfde0c2a86888faae3edff794add3b141e5f51265e995c5940e3fb6239
SHA512: a8307f9cc0cdf47f4a9453a842aea8c05468444e7997ccc85660941c86eb3985e636e9ef8ce86eb917fad39bb2cebe616572c471e2baca2c6ba40dae9337f943
SSDEEP: 393216:PZV5l4RMrfwNdFfUZQrsR3x7pdDqWKHYBR/P/8RFAERp5+2N:TrqdF8Us5x7ZBFP/8RfROy
Score: 10/10
Detects HijackLoader (aka IDAT Loader)
Hijackloader family
Lumma family
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Enumerates processes with tasklist