Resubmissions

13-03-2023 17:23

230313-vycersdd7z 10

General

  • Target

    TUNIC Trainer Setup.exe

  • Size

    141KB

  • Sample

    230313-vycersdd7z

  • MD5

    09cc739c0d7dba742399b097e9045e05

  • SHA1

    30c4c3ed5fdfba59f378480a711b6e3abed4e28e

  • SHA256

    0628c7952099fcd105059b5c8d3750567e6a2378124d2fb72b56d467809cfd34

  • SHA512

    e9c4ec97e72f18cc02869d2195f19f018e08184d9fcafd8ae2eadd16591176c6423794adfbc2d89cd93626c26090e83a846db0f6c8300163cea8f76b02b093a0

  • SSDEEP

    3072:Bojm4ILlCI+4COHCyhaEtHZkOpk97oc4ILlCI+4TOHHSafx:Bd+bwaEtHLhiHt

Score
10/10

Malware Config

Targets

    • Target

      TUNIC Trainer Setup.exe

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 3
