General
Target: 1e77d4bacf57b3dd13454fb60957eb737e7faf03db338e7a1d3f826f3b43d90a
Size: 1.5MB
Sample: 231213-wzdjwsgafl
MD5: 2e74f5245ca7a51dc842716cdfa0e930
SHA1: ddfa93de3110aa0589aef5608018c6282be562c7
SHA256: 1e77d4bacf57b3dd13454fb60957eb737e7faf03db338e7a1d3f826f3b43d90a
SHA512: dc949a5443810a61785c491e0246db4c6e7b994dc9b5e54f0fa049db1e9a2994b24301333eeecd2de2ac443a5aa03748a6b560414ea2a6035e5aae70e7c2e991
SSDEEP: 24576:ayfOwiR2fLnV3/rc9zTiwzGU2MB5rDqVlj+tDEEJeqgajY4225VAbW5JsWyuJYfu:hKR2znVg9TwC6latoIvjV+wsWyuyf
Static task: static1
Behavioral task: behavioral1
Sample: 1e77d4bacf57b3dd13454fb60957eb737e7faf03db338e7a1d3f826f3b43d90a.exe
Resource: win10v2004-20231127-en

Malware Config
Extracted: risepro
  193.233.132.51
Extracted: lumma
  http://soupinterestoe.fun/api
  http://dayfarrichjwclik.fun/api
  http://neighborhoodfeelsa.fun/api
  http://ratefacilityframw.fun/api
Targets
Target: 1e77d4bacf57b3dd13454fb60957eb737e7faf03db338e7a1d3f826f3b43d90a
Size: 1.5MB
MD5: 2e74f5245ca7a51dc842716cdfa0e930
SHA1: ddfa93de3110aa0589aef5608018c6282be562c7
SHA256: 1e77d4bacf57b3dd13454fb60957eb737e7faf03db338e7a1d3f826f3b43d90a
SHA512: dc949a5443810a61785c491e0246db4c6e7b994dc9b5e54f0fa049db1e9a2994b24301333eeecd2de2ac443a5aa03748a6b560414ea2a6035e5aae70e7c2e991
SSDEEP: 24576:ayfOwiR2fLnV3/rc9zTiwzGU2MB5rDqVlj+tDEEJeqgajY4225VAbW5JsWyuJYfu:hKR2znVg9TwC6latoIvjV+wsWyuyf

- Detect Lumma Stealer payload V4
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.