General

  • Target

    FivemDpickTool.exe

  • Size

    69.1MB

  • Sample

    230502-qhdknsda5y

  • MD5

    f1e1affede1856bd1cd7c5a77eb2f43d

  • SHA1

    b090523fffc4bcdf44f4abc74383c3d0e7d34567

  • SHA256

    8359bad2263c4b6a4e0b54b7e9ceded27ea9dbd48ffd94e55e08848adf9a45c1

  • SHA512

    18ca65ddada75972f31b525b115d251e0e9786da7d0949a9d05a59bcb1258a58d6e08bad2a26f7c8fa5be9ae01d7760cdd798bc12f7bacc94f99093ac438f7ea

  • SSDEEP

    1572864:mjddGvSSTz28vrus/qcJBfGJVZMIvP7NSZAauAgRdwIE1cGYCyM0L1:aGvNrTusBHfa1LNSuaXgY5ML1

Score
10/10

Malware Config

Targets

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks