General

  • Target

    moshimoshi.zip

  • Size

    86.0MB

  • Sample

    230425-dhm3wshh5z

  • MD5

    7e64c9d7d6a6e38582022489322c7e39

  • SHA1

    e2ddf8143116771bba51c1765741bfaa27d42b6c

  • SHA256

    f063d2228e39efe2f6f5f659c9c69ec683b6d278c37fc9b47a00857903f24839

  • SHA512

    b29312d4cb929f4f32cf94ca31b56ce5f5e30240cc79f8535c0d280f751390abeb79742516b8c5e0496894f0a1ef29273b7cc4bf8160a3dcb491efb1549ed2cb

  • SSDEEP

    1572864:ljXyVcUnUd+9qC2G+Mt8tf7z1Xq8zn4VDHQ54/kVB15X7HY34VHPJUvT6MteU:JGs+97jGE8MVDIGgBjrwevOTp0U

Malware Config

Targets

    • Target

      bot.exe

    • Size

      22.2MB

    • MD5

      909e6c2fdfe7799b4a246fd963dac1fc

    • SHA1

      41163f2fb8034fb29134a9ed6437cb247092f2b5

    • SHA256

      e3f1e550febb6d17b8b1323f3b3a127d9a5f8c2354ea808640c94fd86bc7eea7

    • SHA512

      906c8f7dc2653ba41a823c357f5a3c06c58aa26de35e7dfcaa2072abca4aa597351fa672d34d7a3a2b0406207e861e3b67d068d719499144fb065ad6b17e4129

    • SSDEEP

      393216:gUJ1obI/fL2VmvUUJe5d9l/oocuk00fvDGiF+NQmqwGtCDB86mdclLrP6VBkHpN6:PJ1h/fyVmvUUJad7cw0XDJ+OmqfaB8+

    Score
    7/10
    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      config.exe

    • Size

      63.9MB

    • MD5

      5908e3e43cd13a7817ebc00e84726011

    • SHA1

      2bb84721c2a5599bf0d10f1478abff751ed63287

    • SHA256

      fee404652393a455c84216d7c761c369b4a560401d4016911d247dcd78b2a81b

    • SHA512

      fafb2e54bf38c43fb5cdea0ddd8b1e6ad58ac72b8c53ae2f62ad3cf2dd8f89d37741348098ff648230968e741e3f33bbc04da6649e52edb25a9e8f1cd526f2d4

    • SSDEEP

      1572864:WjddrbW1laQ3/mx+LeHP79ZN7ER0H93h2XXo4oI:KfWWQ3K2wPJr6O5CXF7

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
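
    To check a local copy of the archive against the hashes in this report, the following is an added Python example (it is not part of the sandbox report and not code from the sample). It streams every member of the ZIP through MD5, SHA-1, SHA-256 and SHA-512 in a single pass without extracting anything to disk, then matches the digests against the report's hash table. The REPORT_IOCS values are copied from the report above; the build_zip helper and the members used in the demo are constructed for the example. SSDEEP is left out because it needs the third-party ssdeep module.

```python
import hashlib
import io
import zipfile

# Hash values copied from the report above (archive and its two members).
REPORT_IOCS = {
    "moshimoshi.zip": {
        "md5": "7e64c9d7d6a6e38582022489322c7e39",
        "sha1": "e2ddf8143116771bba51c1765741bfaa27d42b6c",
        "sha256": "f063d2228e39efe2f6f5f659c9c69ec683b6d278c37fc9b47a00857903f24839",
    },
    "bot.exe": {
        "md5": "909e6c2fdfe7799b4a246fd963dac1fc",
        "sha1": "41163f2fb8034fb29134a9ed6437cb247092f2b5",
        "sha256": "e3f1e550febb6d17b8b1323f3b3a127d9a5f8c2354ea808640c94fd86bc7eea7",
    },
    "config.exe": {
        "md5": "5908e3e43cd13a7817ebc00e84726011",
        "sha1": "2bb84721c2a5599bf0d10f1478abff751ed63287",
        "sha256": "fee404652393a455c84216d7c761c369b4a560401d4016911d247dcd78b2a81b",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fh, chunk_size=1 << 20):
    """Hash a file-like object once, feeding every algorithm from each chunk."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    while True:
        chunk = fh.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_archive(zip_bytes):
    """Return digests of the archive itself and of each file member.

    Members are read through zipfile's stream interface, so nothing is
    written to disk and no dropped executable is ever unpacked."""
    result = {"archive": digest_stream(io.BytesIO(zip_bytes)), "members": {}}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                result["members"][info.filename] = digest_stream(fh)
    return result


def match_iocs(hashed, iocs=REPORT_IOCS):
    """Return (item, ioc_name, algo) for every digest that matches the table.

    Matching is by hash value only, never by file name: a renamed bot.exe
    still hits, and a file that merely shares a name with an IOC does not."""
    index = {(algo, val.lower()): name
             for name, hashes in iocs.items() for algo, val in hashes.items()}
    candidates = {"<archive>": hashed["archive"], **hashed["members"]}
    hits = []
    for item, digests in candidates.items():
        for algo, val in digests.items():
            if (algo, val) in index:
                hits.append((item, index[(algo, val)], algo))
    return hits


def build_zip(members):
    """Construct an in-memory ZIP from {name: bytes} (test/demo helper, not a
    real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-in archive; it should produce no hits against the report.
    sample = build_zip({"bot.exe": b"not the real sample", "readme.txt": b""})
    hashed = hash_archive(sample)
    for name, d in hashed["members"].items():
        print(name, d["sha256"])
    print("report IOC hits:", match_iocs(hashed))
```

    To use it on a real copy, pass the archive bytes (open(path, "rb").read()) to hash_archive and compare match_iocs output against the report; any hit on the archive entry or either member confirms the file is the one analysed here.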

MITRE ATT&CK Enterprise v6

Tasks