General
-
Target
https://download2333.mediafire.com/rzwm8d7cbbzgnXf4NGYXG4UgUJub043l9U79gnjbzINXEkilSCEoBZXt6e3bL2udtjcrNowiL7f4rNd7TaKqNONx51nBzX0KNEiBBx7l5Jpm4Fd0Kc1haeAOhTfZ2nT3nDtj6Aa_AjeCGNX4dy9e8FZrKZmHBIjqddXF3dCkrJGzZg/cwq8m5e36mv9hqt/Launcher%21%E2%80%94%E2%80%941889.rar
-
Sample
240703-m8drkszbma
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://download2333.mediafire.com/rzwm8d7cbbzgnXf4NGYXG4UgUJub043l9U79gnjbzINXEkilSCEoBZXt6e3bL2udtjcrNowiL7f4rNd7TaKqNONx51nBzX0KNEiBBx7l5Jpm4Fd0Kc1haeAOhTfZ2nT3nDtj6Aa_AjeCGNX4dy9e8FZrKZmHBIjqddXF3dCkrJGzZg/cwq8m5e36mv9hqt/Launcher%21%E2%80%94%E2%80%941889.rar
Resource
win10v2004-20240611-en
Malware Config
Extracted
lumma
Targets
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-