General
- Target: 9.7.6.zip
- Size: 21.2MB
- Sample: 240628-qlrlpsvbjk
- MD5: 84ff8159a2b0d4ec520b3ace24f76fe9
- SHA1: 59893e5c319fa69af29f26744f5598946fc32442
- SHA256: 5835594a7d29cc3b25e373ab04ffe6137efccf1f10f89730d18353f43e2c60c7
- SHA512: bf274953f7f2f2740a9d108f9885526884ea583ef9e1d9efca24d47c1496efabd7d6883fb7280e5e236b3fbda47b3f6a00772742e8c9265b9ff6c8dc30a8d2dc
- SSDEEP: 393216:a3ASPdmZZ0pw4ppam/GC5DzS7WNij7ONNysIfZM/568TkAy+d4Rz/d9yljXTsBK:a3lPY0Dpa+DNzW6K7kys7/5bkAy+EmlD
Static task: static1
Behavioral task: behavioral1
- Sample: 9.7.6/9.7.6.lnk
- Resource: win7-20240611-en
Malware Config
Extracted
- Protocol: ftp
- Host: 94.156.8.173
- Port: 21
- Username: anonymous
- Password: anonymous@
Extracted
lumma
- https://foodypannyjsud.shop/api
- https://potterryisiw.shop/api
- https://contintnetksows.shop/api
- https://reinforcedirectorywd.shop/api
Targets
- Target: 9.7.6/9.7.6.lnk
- Size: 1KB
- MD5: e1a00ff52e4d478249296f61b03f8058
- SHA1: 65ae2d5d15cafc30f29684a68e6fd77aff94f138
- SHA256: ff9d3aa1b5ba533768b7b4d30e6f42d27edd12461b83a19802889276b0a4237c
- SHA512: d6157c327162da38647b8c5aeeac88a9042fd73ffb7606f8dc5b9981d27defcf127f7f34d2ed937988ce35c1ecd7b713c6378d96c1c1714ddd1702deeace49d8
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext