General

Target: qeUaxJCA3FO.exe
Size: 518KB
Sample: 240704-r1fneszfka
MD5: efc76b9581da08661c9c91c2a6e7d289
SHA1: ef7674fe136d80308a44d99ac72b8be550604110
SHA256: 85356bb669ec17503e48ca457e99347f5386ba644fba9d638d4188a7b4970153
SHA512: b2d3432b68b227a5ad64faf6cc789f32ab2234a070c25393849c3d170616a125c1c3c82e18a7952b3ddd3a0024ff845c67aa67ce9b011b9cd9b74e093fc4e5d1
SSDEEP: 12288:MnUGt+HbHe5BjPORtvLP9qpbY7/2E1yItd2ybSLxWP1yh:Mnncbs1PODZqpBCSiS8Pg
Static task: static1

Malware Config

Extracted family: lumma
C2: https://bitchsafettyudjwu.shop/api
Targets

Target: qeUaxJCA3FO.exe
Signatures

Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext