General

  • Target: e36a70a5b0633b7bcb2a443b3d9fb363aab31966a15a734d8ef742500f910f21
  • Size: 1.5MB
  • Sample: 231214-eatfdabbgj
  • MD5: 676a0a54a9b326009264ae7b0f21de1b
  • SHA1: dc6b46c5fa91b9c3be0baa02897cc66564998abc
  • SHA256: e36a70a5b0633b7bcb2a443b3d9fb363aab31966a15a734d8ef742500f910f21
  • SHA512: a9233fbb3523a4d1ede9896b0396995f1f38a0c52a28b700b3ba29db004093086362ce53274c8e0f54739b3d2a3906af675e8bae46adf61818d635f13c52b593
  • SSDEEP: 24576:gyjVuy0nmHfHnV3vrc9KTM26VmhKNKCS8j0KnILk63S87uCKsvoyuVYfQgO:n5uyjHvnVQoTKV6+CKnuk63ScK6oyu2J

Malware Config

Extracted

  • Family: risepro
  • C2: 193.233.132.51

Extracted

  • Family: lumma
  • C2:
    http://soupinterestoe.fun/api
    http://dayfarrichjwclik.fun/api
    http://neighborhoodfeelsa.fun/api
    http://ratefacilityframw.fun/api

Targets

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

MITRE ATT&CK Enterprise v15

Tasks