General
Target: 86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271
Size: 1.5MB
Sample: 231213-r7zpwaebhk
MD5: 818e21ef80effedc38f0543587bc4b2e
SHA1: 3c5c922a22a7d2261eacd0e4a8c6db6a820cf419
SHA256: 86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271
SHA512: 6dc8adb2129fba806586d6c05a821cab5d551cd4f518175f1db57ef249e7c079706fbe4968bf49cedf70741c8e2b7399ff2d7b66fadc7b2d75a815d7d68a3abc
SSDEEP: 24576:dyH+u8Ae3AZFfnnV3Hrc9TcQbcqXcYSs1nBBQ1Nf5qAJmkKW8ysuyDOTfJfk:4d8AZZFPnVIhcQIRs1if5qWm3/yVyDeZ

Static task: static1
Behavioral task: behavioral1
Sample: 86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted config (risepro):
193.233.132.51
Extracted config (lumma):
http://soupinterestoe.fun/api
http://dayfarrichjwclik.fun/api
http://neighborhoodfeelsa.fun/api
http://ratefacilityframw.fun/api
Targets
Target: 86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271
Size: 1.5MB
MD5: 818e21ef80effedc38f0543587bc4b2e
SHA1: 3c5c922a22a7d2261eacd0e4a8c6db6a820cf419
SHA256: 86c963538210d4647428af35f50d5c17f597be0094b8bf539e2f6d059d442271
SHA512: 6dc8adb2129fba806586d6c05a821cab5d551cd4f518175f1db57ef249e7c079706fbe4968bf49cedf70741c8e2b7399ff2d7b66fadc7b2d75a815d7d68a3abc
SSDEEP: 24576:dyH+u8Ae3AZFfnnV3Hrc9TcQbcqXcYSs1nBBQ1Nf5qAJmkKW8ysuyDOTfJfk:4d8AZZFPnVIhcQIRs1if5qWm3/yVyDeZ
- Detect Lumma Stealer payload V4
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
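The extracted RisePro and Lumma configuration above, together with the "Adds Run key to start application" signature, are the parts of this report an analyst can act on directly. The following is an added example (not part of the sandbox report or of any vendor tooling) that turns them into two hunting checks: the network indicators from the Malware Config section are matched against proxy/DNS log lines, and Sysmon-style registry events are checked for values written under a Run or RunOnce key. The log lines are constructed for the example; the IP-lookup hosts are an assumption, since the report does not name which service the sample used, and are flagged only as a low-confidence signal.

```python
"""Hunting helpers built from the sandbox report above: the extracted RisePro and
Lumma indicators, plus the "Adds Run key" persistence signature.
Added example, not part of the original report; all log lines are constructed."""
import re
from urllib.parse import urlparse

# Indicators copied from the report's "Malware Config" section.
RISEPRO_C2_IPS = {"193.233.132.51"}
LUMMA_C2_URLS = [
    "http://soupinterestoe.fun/api",
    "http://dayfarrichjwclik.fun/api",
    "http://neighborhoodfeelsa.fun/api",
    "http://ratefacilityframw.fun/api",
]
LUMMA_C2_DOMAINS = {urlparse(u).hostname for u in LUMMA_C2_URLS}

# Assumption: the report does not name the IP-lookup service it observed, so these
# are placeholders for "a legitimate IP lookup service" and only a weak signal.
ASSUMED_IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io"}

# Constructed network log (not from the report): "timestamp client kind value".
SAMPLE_NET_LOG = """\
2023-12-13T10:01:02Z 10.0.0.5 dns soupinterestoe.fun
2023-12-13T10:01:03Z 10.0.0.5 http http://soupinterestoe.fun/api
2023-12-13T10:01:09Z 10.0.0.7 dns www.microsoft.com
2023-12-13T10:02:15Z 10.0.0.5 tcp 193.233.132.51:50500
2023-12-13T10:02:20Z 10.0.0.9 http http://api.ipify.org/
"""


def hunt_network(log_text):
    """Return (timestamp, client, label, host) for every line touching an indicator.
    'lumma' and 'risepro' come straight from the extracted config (high confidence);
    'ip-lookup' is a legitimate service and only corroborating evidence."""
    hits = []
    for line in log_text.splitlines():
        ts, client, kind, value = line.split(maxsplit=3)
        if kind == "http":
            host = urlparse(value).hostname or value
        elif kind == "tcp":
            host = value.rsplit(":", 1)[0]  # strip the destination port
        else:
            host = value
        host = host.lower().rstrip(".")
        if host in LUMMA_C2_DOMAINS:
            hits.append((ts, client, "lumma", host))
        elif host in RISEPRO_C2_IPS:
            hits.append((ts, client, "risepro", host))
        elif host in ASSUMED_IP_LOOKUP_HOSTS:
            hits.append((ts, client, "ip-lookup", host))
    return hits


# Matches HKLM/HKU ...\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Constructed Sysmon-style registry events (not from the report), one per line:
# "eventid|image|target_object|details". Sysmon EventID 13 is RegistryEvent (Value Set).
SAMPLE_REG_LOG = r"""13|C:\Users\victim\Downloads\sample.exe|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\victim\AppData\Roaming\Updater.exe
13|C:\Windows\explorer.exe|HKU\S-1-5-21-1\Software\Microsoft\Windows\Shell\Bags\1\Desktop|Binary Data
12|C:\Users\victim\Downloads\sample.exe|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run|CreateKey
"""


def hunt_run_keys(log_text):
    """Return (image, target_object, details) for every value written under a Run key."""
    hits = []
    for line in log_text.splitlines():
        event_id, image, target, details = line.split("|", 3)
        if event_id == "13" and RUN_KEY_RE.search(target):
            hits.append((image, target, details))
    return hits


if __name__ == "__main__":
    for hit in hunt_network(SAMPLE_NET_LOG):
        print("NET", *hit)
    for hit in hunt_run_keys(SAMPLE_REG_LOG):
        print("REG", *hit)
```

Domain and IP matches against the extracted config are exact-host comparisons, so a lookup of a subdomain or a different path on the same host is still caught while unrelated hosts are not; the Run-key check only looks at value-set events (EventID 13), because the CreateKey event (EventID 12) for the Run key itself fires for plenty of legitimate software.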