General

  • Target

    YoudaoDictSetup.exe

  • Size

    97.8MB

  • Sample

    230313-gw8hjagg97

  • MD5

    6851728f39fd719cec8c2eee551d941e

  • SHA1

    c63c9ab520598bd66ffbb3ef507e49558e0c0fd5

  • SHA256

    d34079b3653d3e9dd02243c8023c1bcc56fcf8ec736d2fae0cabf316d3159fd5

  • SHA512

    5bfe296b0a81065ccbb716bc37f4ccd11e8deb819763d07adb49342ed19670316a2766a1d5ded65ff56be58efa9585506d29069a1d2f9a1250a2ee1b5a9eaa7e

  • SSDEEP

    3145728:UqMak7c+EtNngenOOZHQXvqlQ8iA1X6tSiIRys0:wAPtlxR2aQ8NN6teyT

Malware Config

Targets

    • Target

      YoudaoDictSetup.exe

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Registry Run Keys / Startup Folder (T1060): 2

Defense Evasion

  • Modify Registry (T1112): 2

  • Install Root Certificate (T1130): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks