General

  • Target

    My Place is Curse.exe.bad.zip

  • Size

    64.0MB

  • Sample

    230503-sgrf9afa98

  • MD5

    139e5c6ddd614e67085e0b858916aae0

  • SHA1

    25d6a15b00e0159de523c99843475547864a4b8b

  • SHA256

    020ccd761eb70cad1fadbf1b05760ed7b8aaad136a6964c2a167883913f606ad

  • SHA512

    8ad4fccf26566a4ea9be77f04e0e994273a6aaad6c02d83d71143e7d87fe43385ed5069b65935d5c2fcd105698567d61111446bdfca51db40ff95347aff03100

  • SSDEEP

    1572864:1jddrbWt9k/e++tRMjOqs89YiOnW5/QFlraV6MB4JbJez:tfWfwp+PMpsWqSoFxaVH42z

Score
10/10

Malware Config

Targets

    • Target

      My Place is Curse.exe.bad.zip

    • Size

      64.0MB

    • MD5

      139e5c6ddd614e67085e0b858916aae0

    • SHA1

      25d6a15b00e0159de523c99843475547864a4b8b

    • SHA256

      020ccd761eb70cad1fadbf1b05760ed7b8aaad136a6964c2a167883913f606ad

    • SHA512

      8ad4fccf26566a4ea9be77f04e0e994273a6aaad6c02d83d71143e7d87fe43385ed5069b65935d5c2fcd105698567d61111446bdfca51db40ff95347aff03100

    • SSDEEP

      1572864:1jddrbWt9k/e++tRMjOqs89YiOnW5/QFlraV6MB4JbJez:tfWfwp+PMpsWqSoFxaVH42z

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v6

Tasks