General
-
Target
8feef931eff5b0a24c59e1afbf9ea59d338ded556c7619dd4c00937be1f771f7
-
Size
1.5MB
-
Sample
231213-w8cnysgben
-
MD5
a4b5f67f7fba8c035393aef51550706c
-
SHA1
58e33f4f50782c3c461575a28a2aab24d3fd0f43
-
SHA256
8feef931eff5b0a24c59e1afbf9ea59d338ded556c7619dd4c00937be1f771f7
-
SHA512
e382505fed0290f51feac7d2fa328d9320a15d8b236b6982a05a55f0ed89adac35dbf62051cff07ed4e57004c1b3eb26cb83aa7589d412912e4ac18454127640
-
SSDEEP
24576:iyfO7rYrC48IcTfnnV3rrc9mgtf/SLgoNLWG22+MFP/qaP/onFphyupYfWJ0BS:JfOYrCtZPnVUAKHSLgcLWp2fFP/9/uzM
Static task
static1
Behavioral task
behavioral1
Sample
8feef931eff5b0a24c59e1afbf9ea59d338ded556c7619dd4c00937be1f771f7.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
lumma
http://soupinterestoe.fun/api
http://dayfarrichjwclik.fun/api
http://neighborhoodfeelsa.fun/api
http://ratefacilityframw.fun/api
Targets
-
-
Target
8feef931eff5b0a24c59e1afbf9ea59d338ded556c7619dd4c00937be1f771f7
-
Size
1.5MB
-
MD5
a4b5f67f7fba8c035393aef51550706c
-
SHA1
58e33f4f50782c3c461575a28a2aab24d3fd0f43
-
SHA256
8feef931eff5b0a24c59e1afbf9ea59d338ded556c7619dd4c00937be1f771f7
-
SHA512
e382505fed0290f51feac7d2fa328d9320a15d8b236b6982a05a55f0ed89adac35dbf62051cff07ed4e57004c1b3eb26cb83aa7589d412912e4ac18454127640
-
SSDEEP
24576:iyfO7rYrC48IcTfnnV3rrc9mgtf/SLgoNLWG22+MFP/qaP/onFphyupYfWJ0BS:JfOYrCtZPnVUAKHSLgcLWp2fFP/9/uzM
-
Detect Lumma Stealer payload V4
-
Drops startup file
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-