Resubmissions

01/05/2023, 11:50

230501-nzvt6sfd45 10

01/05/2023, 11:48

230501-nyy57sfd42 10

General

  • Target

    LummaC2.exe

  • Size

    208KB

  • Sample

    230501-nzvt6sfd45

  • MD5

    8b310c86941021405f3222d538387466

  • SHA1

    dca86ed4f4f3bcf34fdd38eecc9fa4559d67e898

  • SHA256

    9222cafbc8c147ba28b86efdb0be806e671bdb4f22abae2201f802b79f64caac

  • SHA512

    1fc7e6c1b793d8b6dd31f0ada1a9a6c86743d33f10ad9cd95b805a73f931fd0bb7a89794782a706c59d6f5d48582a45f6d0065796acfd5682dbe8ce3dd42cc94

  • SSDEEP

    3072:KNu5n9Ephmo10MM7TdPoIVC8dlWgEtGJPWRtXx33ieLQsJo/9hWdkhXPwI2:KNu5nuWIMoI3aRthhLZWVh4g2

Malware Config

Targets

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks