Overview
overview: score 10/10
Static
static: score 1/10
rl_0746bb8...95.exe (windows10-2004-x64): score 10/10
rl_0746bb8...95.exe (windows11-21h2-x64): score 10/10
$TEMP/Terrorist.htm (windows10-2004-x64): score 4/10
$TEMP/Terrorist.htm (windows11-21h2-x64): score 4/10
NtCrafts/Ampland.htm (windows10-2004-x64): score 4/10
NtCrafts/Ampland.htm (windows11-21h2-x64): score 4/10
NtCrafts/Country.htm (windows10-2004-x64): score 4/10
NtCrafts/Country.htm (windows11-21h2-x64): score 4/10
NtCrafts/Entrance.htm (windows10-2004-x64): score 4/10
NtCrafts/Entrance.htm (windows11-21h2-x64): score 4/10
NtCrafts/Focuses.htm (windows10-2004-x64): score 4/10
NtCrafts/Focuses.htm (windows11-21h2-x64): score 4/10
NtCrafts/Horny.htm (windows10-2004-x64): score 4/10
NtCrafts/Horny.htm (windows11-21h2-x64): score 4/10
NtCrafts/Marriage.htm (windows10-2004-x64): score 4/10
NtCrafts/Marriage.htm (windows11-21h2-x64): score 4/10
NtCrafts/Suites.htm (windows10-2004-x64): score 4/10
NtCrafts/Suites.htm (windows11-21h2-x64): score 4/10
General
-
Target
rl_0746bb80d0d6493390cf482becae8c7908922825ab2fdb306f82e2aa4ef11895
-
Size
1.1MB
-
Sample
250704-ygbcxsykx4
-
MD5
c4f480797d490445b330c449e74c71e3
-
SHA1
63fd7fa1d14f4e971ac6f9b48c0426c45e89b267
-
SHA256
0746bb80d0d6493390cf482becae8c7908922825ab2fdb306f82e2aa4ef11895
-
SHA512
51564fde65865d5672c1439b9aa15dac24e3504df875e30783d08c7daf1b8e552d014a53e751247934b6f85257c0c9a1030469f9482cec7e628fb6097976233e
-
SSDEEP
24576:r0aclh1X8x4TS8jTEJXRiAS1uoaJoZ8s8v65eu6Rn7pNb:r4DoJhiFoJo/8yQuEn
Static task
static1
Behavioral task
behavioral1
Sample
rl_0746bb80d0d6493390cf482becae8c7908922825ab2fdb306f82e2aa4ef11895.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
rl_0746bb80d0d6493390cf482becae8c7908922825ab2fdb306f82e2aa4ef11895.exe
Resource
win11-20250619-en
Behavioral task
behavioral3
Sample
$TEMP/Terrorist.htm
Resource
win10v2004-20250610-en
Behavioral task
behavioral4
Sample
$TEMP/Terrorist.htm
Resource
win11-20250502-en
Behavioral task
behavioral5
Sample
NtCrafts/Ampland.htm
Resource
win10v2004-20250610-en
Behavioral task
behavioral6
Sample
NtCrafts/Ampland.htm
Resource
win11-20250619-en
Behavioral task
behavioral7
Sample
NtCrafts/Country.htm
Resource
win10v2004-20250610-en
Behavioral task
behavioral8
Sample
NtCrafts/Country.htm
Resource
win11-20250619-en
Behavioral task
behavioral9
Sample
NtCrafts/Entrance.htm
Resource
win10v2004-20250610-en
Behavioral task
behavioral10
Sample
NtCrafts/Entrance.htm
Resource
win11-20250619-en
Behavioral task
behavioral11
Sample
NtCrafts/Focuses.htm
Resource
win10v2004-20250502-en
Behavioral task
behavioral12
Sample
NtCrafts/Focuses.htm
Resource
win11-20250610-en
Behavioral task
behavioral13
Sample
NtCrafts/Horny.htm
Resource
win10v2004-20250619-en
Behavioral task
behavioral14
Sample
NtCrafts/Horny.htm
Resource
win11-20250619-en
Behavioral task
behavioral15
Sample
NtCrafts/Marriage.htm
Resource
win10v2004-20250610-en
Behavioral task
behavioral16
Sample
NtCrafts/Marriage.htm
Resource
win11-20250619-en
Behavioral task
behavioral17
Sample
NtCrafts/Suites.htm
Resource
win10v2004-20250619-en
Behavioral task
behavioral18
Sample
NtCrafts/Suites.htm
Resource
win11-20250610-en
Malware Config
Extracted
lumma
-
build_id
87d6d96b7dff409b5339f2d55997fc666193
Targets
-
-
Target
rl_0746bb80d0d6493390cf482becae8c7908922825ab2fdb306f82e2aa4ef11895
-
Lumma family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates processes with tasklist
-
-
-
Target
$TEMP/Terrorist.htm
-
Size
48KB
-
MD5
4bfc395d29b8efde7fa99f97a49c454a
-
SHA1
3bc94db2e479b196e042e2b20a62f91582abe234
-
SHA256
183bfe39632a452e4633b776b4c55b0934c011afb4f62003f3b9d13a9cef690d
-
SHA512
81f6f81dfa9afb38485ad345aa647857519935bedef059261cee8be7b4d3bc2745954446a644eda557be69b53d3ef1c0b177337915b8a0bd77de34faabbfdc46
-
SSDEEP
1536:3XYyqwTnZ9O3yn7x0zodKFI+hS7TsalhN0uzrDvk:Yyqwl9O3yNKBhyTsalz5rk
Score
4/10
-
-
Target
NtCrafts/Ampland.htm
-
Size
87KB
-
MD5
e9c66e601291abd5792c72663b21ff70
-
SHA1
1a2e074481aa45175a22e533a6d22d939c73db7e
-
SHA256
e4a27420ceaef2ed530bdfd684f3d32c5626ec4c5b2eb7a0b7c2c9ff39431053
-
SHA512
15211d907f0b5012e2858acc6eb0337efbbe4ed6ca9892b94243e5ba00ce9d67d614a6512cbaf493c1e01205a7d6b1f9d3f867c04476bee81c758a69d0df413c
-
SSDEEP
1536:TiRirST4gh4MatQbtQk1Oz+CaHJmf3Yk9A08A7U+bH+NYVDDwsEwK4J03BDg640:TiIrxtQuq/8jJVD03wj035gL0
Score
4/10
-
-
Target
NtCrafts/Country.htm
-
Size
87KB
-
MD5
44416b1b56da19ee11edf99c98a98b46
-
SHA1
f411bc9c7c5009b3e9fc4bc28b58343dbe3929ee
-
SHA256
b4db06d977794c81f4e2f1e6c581d646b4055ee68517e4bc43fd2bdca67ae6e7
-
SHA512
2cd5e9cd73f24f51076c0f5966b283a505f9c3c3c68320b093ba39f85a3e99a567e8dbd86700128296e7574ae8a401ad085322cfcba9225261916e23a1b0ae6a
-
SSDEEP
1536:tveyFhtwSBkR2CqARZrQiyfjiruj9GdYII6FxhGQ1utYCK9U7fdYh:tGyD6NR2CqAMiajirOpR6FJ1uSVodYh
Score
4/10
-
-
Target
NtCrafts/Entrance.htm
-
Size
25KB
-
MD5
a4886f85317924eb6a5b6f05f3ad481e
-
SHA1
0b9dc35f9ffc1f8fca18d52aab86d6d5af5c1ac0
-
SHA256
4a1050bc9b984ac01784dad08174da0b78259f733bf7795ff53aa27f67f0c0b0
-
SHA512
d3af9b6273b9654ca870bc713bd544b2545bd7e68b175ba073f127a9ef586d080b502012005c4587997fa9ce32ae77c8deef01f32103721adba70323604eea89
-
SSDEEP
768:bUZUytGWeviy55023YpU9Ol9UXLEnagy6qwvA:bUZUKG7vi9VcOl9UXLEn3y6qwY
Score
4/10
-
-
Target
NtCrafts/Focuses.htm
-
Size
58KB
-
MD5
21b005cad165eaf10a897482c5bdaa0f
-
SHA1
c8eb3508b92ac888ce373a999c920d142bd316e4
-
SHA256
15ea4296d8e8edb88431d5002f50a19b4ae837d423464221188df2899fbb1df1
-
SHA512
519b5633132e64fe1b2b4a39c36f7cbaf0f1a476244b4e0684f5aaf5a2e2f54a1a338d6c9dc91feeb9cf7e9c92ff40f4ec20967765709226efa51c376192bfef
-
SSDEEP
1536:o5p8EOye0p0IGQHtQloQ4/OId4k1APgDQv86yL:WO0KSe33k1+/vnyL
Score
4/10
-
-
Target
NtCrafts/Horny.htm
-
Size
71KB
-
MD5
4eeb7f475dbc44bea2a70716663ff93e
-
SHA1
4fbe06282251a69fa003ee9379fa3da07b27d6d8
-
SHA256
76e47782e215677556fcccda36766e441831f21a6916ecc8811e27f902f1e358
-
SHA512
ff6cfbe7f9fa5bfc11c49a1652a3cbbd098cd69eeeb4412ad079bc9cc0f25cff79871bdf3ea2cc46d4db37efb407709e213cc5a535434beb763782634efdbac2
-
SSDEEP
1536:QXeuYci3apzPSd7mF1RLAcyUlnfhYvDTkyYvbIgBCpo/:Qva38bR3RL3yUNhYvDI/Ik
Score
4/10
-
-
Target
NtCrafts/Marriage.htm
-
Size
68KB
-
MD5
cb9e8414d6bd90a6cbecac3c81b34b96
-
SHA1
d7a73b810897964783123dcedbee58809074a719
-
SHA256
242b3e7769efb44434b5d1889fc4190648d5bd35a9c8dc258182686f6a579ea6
-
SHA512
f905f7100263391d0af7604f2206502bad6763d3befde5ca8771a8590d746eacfc82567bda148d33d5f17b03ac6566ca3d40b93212e31b31969394ea77e5aa14
-
SSDEEP
1536:EEHIii6VVfFBA3REzMi3ZtFXHu+QE/0yI5T35tfQBdo0u:nzbL3A3mn3ZtFXHpQByI5T35tfQ/o0u
Score
4/10
-
-
Target
NtCrafts/Suites.htm
-
Size
61KB
-
MD5
1958aead4438552dc00c32838262e1c2
-
SHA1
811c4b49827d0689bfc5a717d699fe44351ade3f
-
SHA256
6ada4a7663f1d11669aa37c0887278e2f5606c235747f744638436abedf2327a
-
SHA512
2a5da037cf06103a5ba7bb1a4b4958dcc4a017c16c1b50d3653547358a03fb5f4b85f380309e44dd7778e0fd3a663b71d1e392a2297186af387c67243b9a6693
-
SSDEEP
1536:FwD3StZGAfn4007TnEEnTu4m68X3rtptqPlKZnexoJEnIaK5L38S+oF6m:FntZGAfdmEEnRmlrlqPkZnjinfi86FL
Score
4/10
MITRE ATT&CK Enterprise v16
Defense Evasion
Modify Registry: 1
Subvert Trust Controls: 1
Install Root Certificate: 1
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 3
Credentials In Files: 3