General

  • Target

    Wraith Unlocker.exe

  • Size

    68.4MB

  • Sample

    230503-se7epafa92

  • MD5

    74f3e0281968249a5a75ae0acbd2a913

  • SHA1

    d5467380a6fce236cd3abb189e7a14faced79574

  • SHA256

    478247cfd416f1e58ec8c280b8e23fdb4f9c40df6f52dda719485e523f1c1b77

  • SHA512

    f69dd8f332f48f1523bdd049e52a797282bb6fecbc085002c45788725e82344b47a1696d5a5269488192aa05bdb8e111d9eba3957a01b6d5cd8a143c129e6f9d

  • SSDEEP

    1572864:yjddGvf2GeQuknJBFwRm7bjH5hybSMhQwk/368l:uGvf2vdEHqmnjHz0taXl
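
The hashes above are the indicators a responder actually uses to confirm that a file pulled from a host or a quarantine is this sample. The script below is an added example, not part of the sandbox report; it streams a file through all four digests in one pass (the sample is roughly 68 MB, so it is not read into memory) and compares the result with the report's values. `REPORT_IOCS` holds the hashes exactly as listed on the page; the function names and chunk size are this example's own choices. SSDEEP is left out because it needs a third-party library.

```python
"""Verify a retrieved file against the hashes published in this report."""
import hashlib
import io
from typing import BinaryIO

# Hashes exactly as listed in the report for "Wraith Unlocker.exe".
REPORT_IOCS = {
    "md5": "74f3e0281968249a5a75ae0acbd2a913",
    "sha1": "d5467380a6fce236cd3abb189e7a14faced79574",
    "sha256": "478247cfd416f1e58ec8c280b8e23fdb4f9c40df6f52dda719485e523f1c1b77",
    "sha512": "f69dd8f332f48f1523bdd049e52a797282bb6fecbc085002c45788725e82344b"
              "47a1696d5a5269488192aa05bdb8e111d9eba3957a01b6d5cd8a143c129e6f9d",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> dict:
    """Compute all four digests in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (used by tests and small inputs)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> dict:
    """Hash a file on disk without loading it fully into memory."""
    with open(path, "rb") as f:
        return hash_stream(f)


def compare_to_report(digests: dict, report: dict = REPORT_IOCS) -> dict:
    """Return {algorithm: matched} for every algorithm the report lists.

    Comparison is case-insensitive because tools print hex in either case;
    an algorithm missing from `digests` counts as a mismatch."""
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in report.items()}


def is_reported_sample(digests: dict, report: dict = REPORT_IOCS) -> bool:
    """Only a full match counts: MD5 and SHA1 are collision-prone on their own,
    so SHA256 and SHA512 must agree with the report as well."""
    return all(compare_to_report(digests, report).values())


if __name__ == "__main__":
    import sys
    digests = hash_file(sys.argv[1])
    for name, ok in compare_to_report(digests).items():
        print(f"{name:7s} {digests[name]}  {'MATCH' if ok else 'mismatch'}")
    print("reported sample" if is_reported_sample(digests) else "NOT the reported sample")
```

Run it as `python verify.py "Wraith Unlocker.exe"`; a partial match (for example MD5 only) is treated as a failure, which is the behaviour you want when someone hands you a "same hash" file of a different size.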

Score
10/10

Malware Config

Targets

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the sample can avoid running in certain regions.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers typically target stored browser data, which can include saved credentials, cookies and autofill data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Queries a legitimate IP lookup service to determine the infected system's external IP address.
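
The signatures above are what a detection engineer turns into hunting logic. As an added example that is not part of this report or of the sandbox's own signature engine, the Python below maps process-monitoring events onto the behaviours listed: a registry read of the locale/GeoID keys, a read of browser credential stores, a file written to the per-user Startup folder and later executed, and a DNS query for a public IP-lookup service. The event schema, the registry keys, browser file names, IP-lookup hosts and Startup path are this example's assumptions about what each signature corresponds to, and the trace is constructed, not captured from the real sample.

```python
"""Map process-monitoring events onto the behaviours this report flags."""
import re
from typing import Iterable

# Assumed indicators for each report signature (not taken from the report).
GEO_REGISTRY_KEYS = (
    r"hkcu\\control panel\\international\\geo",   # GeoID / Nation values
    r"hkcu\\control panel\\international",         # LocaleName and friends
)
BROWSER_PROFILE_FILES = (
    r"\\google\\chrome\\user data\\.*\\(login data|cookies|web data)$",
    r"\\microsoft\\edge\\user data\\.*\\(login data|cookies|web data)$",
    r"\\mozilla\\firefox\\profiles\\.*\\(logins\.json|cookies\.sqlite|key4\.db)$",
)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com"}
STARTUP_DIRS = (
    r"\\microsoft\\windows\\start menu\\programs\\startup\\",
)

# Signature names as they appear in the report.
SIG_GEOFENCE = "Checks computer location settings"
SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_IPLOOKUP = "Looks up external IP address via web service"
SIG_STARTUP = "Drops startup file"
SIG_EXEC_DROP = "Executes dropped EXE"


def _match_any(patterns, value: str) -> bool:
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)


def classify_event(event: dict) -> set:
    """Return the report signatures a single event would trigger."""
    hits = set()
    kind = event.get("type")
    if kind == "registry_read" and _match_any(GEO_REGISTRY_KEYS, event["key"]):
        hits.add(SIG_GEOFENCE)
    elif kind == "file_read" and _match_any(BROWSER_PROFILE_FILES, event["path"]):
        hits.add(SIG_BROWSER)
    elif kind == "file_write" and _match_any(STARTUP_DIRS, event["path"]):
        hits.add(SIG_STARTUP)
    elif kind == "dns_query" and event["host"].lower() in IP_LOOKUP_HOSTS:
        hits.add(SIG_IPLOOKUP)
    return hits


def triage(events: Iterable[dict]) -> dict:
    """Aggregate signatures over a whole trace.

    'Executes dropped EXE' needs two events: a file the sample wrote must
    later be started as a process, so it is correlated here, not per event."""
    triggered = set()
    dropped = set()
    for ev in events:
        triggered |= classify_event(ev)
        if ev.get("type") == "file_write":
            dropped.add(ev["path"].lower())
        elif ev.get("type") == "process_start" and ev["image"].lower() in dropped:
            triggered.add(SIG_EXEC_DROP)
    return {"signatures": sorted(triggered), "count": len(triggered)}


# Constructed trace approximating the behaviours in the report (not real telemetry).
STARTUP_EXE = r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"
SAMPLE_EVENTS = [
    {"type": "registry_read", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "path": STARTUP_EXE},
    {"type": "process_start", "image": STARTUP_EXE},
    {"type": "file_read", "path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "dns_query", "host": "api.ipify.org"},
    {"type": "file_read", "path": r"C:\Windows\System32\kernel32.dll"},  # benign, no hit
]

if __name__ == "__main__":
    for sig in triage(SAMPLE_EVENTS)["signatures"]:
        print("-", sig)
```

The dropped-then-executed correlation is the part worth copying: a single Startup-folder write is noisy on its own, but the same path appearing as a new process image is a far stronger persistence signal.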

MITRE ATT&CK Enterprise v6

Tasks