General
Target: file.exe
Size: 1.1MB
Sample: 240702-sjfgrsxhrh
MD5: 470aed70b81cb24f9316bac75ce9c409
SHA1: 6797699947374efbe4e4746f7500a1e2d92ce36a
SHA256: afbfed421c1da695c193849d153e11975eb3f2f6fa9d936bf987d4f046d86f7e
SHA512: b26ad5e4fac0bbca810554f0a5453bffa8ad4d654bd057fefc8e83e3dbfd42e1e63ddef308c445a783d8684038e9a2f1f546ff1a7948b93c63b886632e242cb6
SSDEEP: 24576:lVcPvhB8dHjhl1nd1NWiOBCmn0jRq9odg3cC:85yD1NWiOBpn0YUgsC
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240508-en
Malware Config
Extracted
lumma
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://contintnetksows.shop/api
https://reinforcedirectorywd.shop/api
Targets
Target: file.exe
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL