General
-
Target
tmp
-
Size
1.5MB
-
Sample
231213-v39aashbf9
-
MD5
6d9f060cd728271d3d5c2210c8c9a3c8
-
SHA1
2a65466e8c122521c344cb911eda7d10dc082126
-
SHA256
55a6870b236e59e5a1b8dcfc8ad69ef3ec57f1c6db86b2629047c63ea0714b0b
-
SHA512
9353516a1a57922093e81edf6f2721101362347855f9c5a260a558d906bd59919a3c2e486b22a4e044d44db8c86e13a7dc363d2f712ad29c5021c3c67f5e12a2
-
SSDEEP
24576:LyJELbdrfTnV3drc9vkkaW9QvQlySePHLmEgKynHByqqEyuFYfKaI7n:+eXtbnVatxHuvrSePHLLVytyumfZI
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
risepro
193.233.132.51
Extracted
lumma
http://soupinterestoe.fun/api
http://dayfarrichjwclik.fun/api
http://neighborhoodfeelsa.fun/api
http://ratefacilityframw.fun/api
Targets
-
-
Target
tmp
-
Size
1.5MB
-
MD5
6d9f060cd728271d3d5c2210c8c9a3c8
-
SHA1
2a65466e8c122521c344cb911eda7d10dc082126
-
SHA256
55a6870b236e59e5a1b8dcfc8ad69ef3ec57f1c6db86b2629047c63ea0714b0b
-
SHA512
9353516a1a57922093e81edf6f2721101362347855f9c5a260a558d906bd59919a3c2e486b22a4e044d44db8c86e13a7dc363d2f712ad29c5021c3c67f5e12a2
-
SSDEEP
24576:LyJELbdrfTnV3drc9vkkaW9QvQlySePHLmEgKynHByqqEyuFYfKaI7n:+eXtbnVatxHuvrSePHLLVytyumfZI
-
Detect Lumma Stealer payload V4
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-