General
-
Target
d3ec28c089d98942413d9d197ff38b0bd2c336df708564307467edb58f23ea37.zip
-
Size
21KB
-
Sample
230321-r1gkqadd2s
-
MD5
4b897d276a475970736034451cf269b9
-
SHA1
bc8f740f37102ab877e1cbe6adabd4f3ffe3de7d
-
SHA256
c9341cb53731508c101d052643c552850f8f59092204151c0ec825e5fd87fe89
-
SHA512
e04d5ccf5063bae52e91647bf5012da792421ec067ee4952942330732fa939c281b9a9e16806f516e97d0c9d63a22bb8e69a88bd4337ee1ca3d3b15cd4c1d58c
-
SSDEEP
384:1xk6ovyP6vAYvEyzMGzq1A0moZaF5kZexUqN2t1eqme7LbA8xiGqtnsP6y3XL0bh:1xkdymjvEB1A06YexBNze7f9xiGqtns2
Malware Config
Targets
-
-
Target
particovl.bat
-
Size
699.1MB
-
MD5
85e4843ddbeb2ef9a3cdea6497bbdfa9
-
SHA1
5556ac2aa0d52daa7240877e6df1b60d3969ecec
-
SHA256
4049b93a33911701f2b975d19db0f91e4ae70ccbeee83a93f3352aa76a0152d8
-
SHA512
6c875856504f70ac80912f88e61fd67e9e37e0001d4c0a3c1f6703f69f0e3194142b6c93d941a85d2d721e53a2c1c2e1c59665ccd8fbb803419388d1908e8684
-
SSDEEP
384:Yi56N+inFXIvK0NgMzIR9tFhnvOTSMnZdqEoyZZd5hJUvCUvcmS/lggNbQRq55en:8X+K8xwvWSpmZ5emKAbJ55hz0h
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-