General
-
Target
Install_Auto.bat
-
Size
492B
-
Sample
230319-yct98shg94
-
MD5
e811b616f7c5dcbbd9d48d91c605a11e
-
SHA1
9a4b0fe213a789b54f559bd0dda3649738f72716
-
SHA256
7d4f17d9c4809e6a6874e11c484f6c6b3b966dd5a33f9f09d9d3a3d600b4e355
-
SHA512
57f9c415fe3f3cf35075c3c768175258719a2ea4345391c30a35bbc088fa856494079bf8cbaeea18f93f0b8ee39e7f4da4d68e59540a3d5e9e98f024181addc3
Malware Config
Targets
-
-
Target
Install_Auto.bat
-
Size
492B
-
MD5
e811b616f7c5dcbbd9d48d91c605a11e
-
SHA1
9a4b0fe213a789b54f559bd0dda3649738f72716
-
SHA256
7d4f17d9c4809e6a6874e11c484f6c6b3b966dd5a33f9f09d9d3a3d600b4e355
-
SHA512
57f9c415fe3f3cf35075c3c768175258719a2ea4345391c30a35bbc088fa856494079bf8cbaeea18f93f0b8ee39e7f4da4d68e59540a3d5e9e98f024181addc3
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-