General

  • Target

    7d7356c0cfb9265b7e61bd38a.exe

  • Size

    219KB

  • Sample

    230709-xt5lvsfc39

  • MD5

    7d7356c0cfb9265b7e61bd38a99f68c7

  • SHA1

    007c599c04fe7b75911e24c6cfbccd768350fca7

  • SHA256

    bcd079ed77301cc5f6a0443ccb3c5b4fe4a4b660ad61d5bcc40f0224c8c2da63

  • SHA512

    b4025037ac51b0ee94c77ffcd8a7d26f79d15da9029c3b5dec727d4d310fcb69681e7722d3ec171b469a5ad39f092322e9faf803701d45202809e73e1863dea4

  • SSDEEP

    3072:IahKyd2n31n5GWp1icKAArDZz4N9GhbkrNEk1GI8YyelYW+XgE4HfQUT:IahOnp0yN90QEW8LmmlWfQ4
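The hashes above are the sample's identity; before trusting any local copy as this sample, recompute all four digests and compare them. The following script is an added example, not part of the report or of the sandbox's own tooling. It embeds the MD5, SHA1, SHA256 and SHA512 values listed above, streams a file through all four hash functions in a single pass, and reports which algorithms (if any) disagree. Comparison is case-insensitive because feeds and reports differ in hex case.

```python
import hashlib

# Digests as listed in the report above (lowercase hex).
REPORT_HASHES = {
    "md5": "7d7356c0cfb9265b7e61bd38a99f68c7",
    "sha1": "007c599c04fe7b75911e24c6cfbccd768350fca7",
    "sha256": "bcd079ed77301cc5f6a0443ccb3c5b4fe4a4b660ad61d5bcc40f0224c8c2da63",
    "sha512": "b4025037ac51b0ee94c77ffcd8a7d26f79d15da9029c3b5dec727d4d310fcb69"
              "681e7722d3ec171b469a5ad39f092322e9faf803701d45202809e73e1863dea4",
}


def digests_of(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash functions at once, so a large
    sample is read from disk only one time."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(actual: dict, expected: dict) -> list:
    """Return the sorted names of algorithms whose digest differs from
    `expected` (an empty list means every listed digest matched).
    A missing algorithm in `actual` counts as a mismatch."""
    return sorted(
        name for name, want in expected.items()
        if actual.get(name, "").lower() != want.lower()
    )


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-candidate-file>
    import sys
    bad = verify(digests_of_file(sys.argv[1]), REPORT_HASHES)
    print("MATCH: file is the reported sample" if not bad
          else "MISMATCH on " + ", ".join(bad))
```

A single mismatching algorithm already means the file is not this sample; four matches is as strong an identity as the report offers. The SSDEEP value is not recomputed here because fuzzy hashing needs the separate `ssdeep` library, and a fuzzy match is a similarity score, not an identity check.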

Malware Config

Targets

    • Target

      7d7356c0cfb9265b7e61bd38a.exe

    • Size

      219KB

    • MD5

      7d7356c0cfb9265b7e61bd38a99f68c7

    • SHA1

      007c599c04fe7b75911e24c6cfbccd768350fca7

    • SHA256

      bcd079ed77301cc5f6a0443ccb3c5b4fe4a4b660ad61d5bcc40f0224c8c2da63

    • SHA512

      b4025037ac51b0ee94c77ffcd8a7d26f79d15da9029c3b5dec727d4d310fcb69681e7722d3ec171b469a5ad39f092322e9faf803701d45202809e73e1863dea4

    • SSDEEP

      3072:IahKyd2n31n5GWp1icKAArDZz4N9GhbkrNEk1GI8YyelYW+XgE4HfQUT:IahOnp0yN90QEW8LmmlWfQ4

    • Lumma Stealer

      Lumma Stealer (also tracked as LummaC2) is an infostealer written in C++, first seen in August 2022.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other session data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up entries under the registry's Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus its WOW6432Node and HKCU counterparts) to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process, after writing into that process's memory, is the classic final step of process hollowing and thread-hijack injection: it redirects execution to the injected code before the thread is resumed.
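The signatures above are behavioural: each one keys on a concrete file path, registry key or API sequence observed during the run. To make that concrete, the script below is an added example (not the sandbox's own log format or rule logic) that matches a constructed, sandbox-style event trace against rules for each signature listed for this target. The event schema, process IDs, paths and the choice of browser, mail-client and wallet artefacts are assumptions for illustration; the rule bodies are the part worth reading, since they show what each signature name actually tests for.

```python
import re
from collections import defaultdict

# Constructed event trace (illustrative, not a real capture). One dict per
# observed operation; `pid` is the acting process.
EVENTS = [
    {"pid": 1000, "op": "file_write", "path": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"},
    {"pid": 1000, "op": "process_create", "path": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe", "child_pid": 1200},
    {"pid": 1200, "op": "reg_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "upd", "data": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"},
    {"pid": 1200, "op": "reg_query", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"},
    {"pid": 1200, "op": "file_read", "path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 1200, "op": "file_read", "path": "C:\\Users\\user\\AppData\\Roaming\\Thunderbird\\Profiles\\abcd.default\\logins.json"},
    {"pid": 1200, "op": "file_read", "path": "C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
    {"pid": 1200, "op": "api", "name": "CreateProcessW", "target_pid": 1300, "flags": "CREATE_SUSPENDED"},
    {"pid": 1200, "op": "api", "name": "WriteProcessMemory", "target_pid": 1300},
    {"pid": 1200, "op": "api", "name": "SetThreadContext", "target_pid": 1300},
    {"pid": 1200, "op": "api", "name": "ResumeThread", "target_pid": 1300},
]

# Rules operate on lowercased paths/keys. Each regex names the artefact a
# signature keys on; the lists are deliberately short and can be extended.
RUN_KEY = re.compile(r"\\currentversion\\run(once)?$")
UNINSTALL_KEY = re.compile(r"\\currentversion\\uninstall(\\|$)")
BROWSER_DATA = re.compile(
    r"\\(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser)\\user data\\.*\\(login data|cookies|web data)$"
    r"|\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$"
)
EMAIL_DATA = re.compile(r"\\thunderbird\\profiles\\|\\microsoft\\outlook\\")
WALLET_DATA = re.compile(r"wallet\.dat$|\\exodus\\|\\electrum\\wallets\\|\\ethereum\\keystore\\")


def match_signatures(events):
    """Return the sorted list of signature names triggered by `events`."""
    hits = set()
    dropped = set()                  # lowercased .exe paths written during the run
    wrote_memory = defaultdict(set)  # acting pid -> remote pids it wrote into
    for ev in events:
        op = ev["op"]
        path = ev.get("path", "").lower()
        key = ev.get("key", "").lower()
        if op == "file_write" and path.endswith(".exe"):
            dropped.add(path)
        elif op == "process_create" and path in dropped:
            # Executable launched only counts as "dropped" if this run wrote it.
            hits.add("Executes dropped EXE")
        elif op == "reg_set" and RUN_KEY.search(key):
            hits.add("Adds Run key to start application")
        elif op == "reg_query" and UNINSTALL_KEY.search(key):
            hits.add("Checks installed software on the system")
        elif op == "file_read":
            if BROWSER_DATA.search(path):
                hits.add("Reads user/profile data of web browsers")
            if EMAIL_DATA.search(path):
                hits.add("Reads user/profile data of local email clients")
            if WALLET_DATA.search(path):
                hits.add("Accesses cryptocurrency files/wallets, possible credential harvesting")
        elif op == "api":
            target = ev.get("target_pid")
            if ev["name"] == "WriteProcessMemory" and target != ev["pid"]:
                wrote_memory[ev["pid"]].add(target)
            elif ev["name"] == "SetThreadContext" and target in wrote_memory[ev["pid"]]:
                # Context change on a remote thread after writing that process's
                # memory: the hollowing / thread-hijack pattern, not a debugger.
                hits.add("Suspicious use of SetThreadContext")
    return sorted(hits)


if __name__ == "__main__":
    for name in match_signatures(EVENTS):
        print(name)
```

Two details matter when adapting this to real telemetry. "Executes dropped EXE" is a correlation across two events (a write, then a launch of the same path), so it needs state, not a single-event match. "Suspicious use of SetThreadContext" is likewise stateful and is only meaningful for a remote thread after a WriteProcessMemory into that process; SetThreadContext on the caller's own threads is routine and should not fire.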

MITRE ATT&CK Enterprise v6

Tasks