General
- Target: 60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f
- Size: 1.5MB
- Sample: 231214-eptdxscgd7
- MD5: 5e7f3309cc7fe2e6cf9eaf5c929efa25
- SHA1: 7ca01e7710e4c6b8345519d2901f8c066d194cfe
- SHA256: 60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f
- SHA512: 56d2ec693f068212a89ecd664afffd7748b207d100a6bb21e28053b1db3f9f07196b41894e8dcbc4c03deba7044f6720a68c738cb3414e9af3cf672cfaabc293
- SSDEEP: 24576:KyvinWIFJfvnV3prc9G3IxKrj68Cxj6Ni/kWtkua1I1BSAbUUvd5yocrft2El:RviWUJXnVew1rj5Ne7a+1jbNvd5yo8ft
Static task: static1
Behavioral task: behavioral1
- Sample: 60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f.exe
- Resource: win10v2004-20231127-en
Malware Config
- Extracted: risepro
  C2: 193.233.132.51
- Extracted: lumma
  C2: http://soupinterestoe.fun/api
  C2: http://dayfarrichjwclik.fun/api
  C2: http://neighborhoodfeelsa.fun/api
  C2: http://ratefacilityframw.fun/api
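The extracted RisePro and Lumma configuration above is the part of the report a responder sweeps logs for. The Python below is an added example and not part of the sandbox report: the indicator values (C2 IP, C2 URLs, sample hashes) are copied from the report, while the DNS, proxy, firewall and EDR log lines and their field layout are constructed for the example so it runs offline. Lumma hosts are matched on the hostname and its subdomains rather than the full URL string, since the /api path is only visible in proxy or endpoint logs, not in DNS or firewall records.

```python
"""IOC sweep for the configuration extracted in the report above.
Added example, not code from the sandbox; log lines are constructed."""
import re
from urllib.parse import urlparse

# Indicators copied from the report's "Malware Config" and hash fields.
RISEPRO_C2_IPS = {"193.233.132.51"}
LUMMA_C2_URLS = [
    "http://soupinterestoe.fun/api",
    "http://dayfarrichjwclik.fun/api",
    "http://neighborhoodfeelsa.fun/api",
    "http://ratefacilityframw.fun/api",
]
SAMPLE_HASHES = {
    "md5": "5e7f3309cc7fe2e6cf9eaf5c929efa25",
    "sha1": "7ca01e7710e4c6b8345519d2901f8c066d194cfe",
    "sha256": "60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f",
}

# Derived lookup sets: Lumma is matched per host, hashes case-insensitively.
LUMMA_C2_HOSTS = {urlparse(u).hostname for u in LUMMA_C2_URLS}
HASH_VALUES = {v.lower() for v in SAMPLE_HASHES.values()}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostname: dotted labels ending in an alphabetic TLD, so IPs are not matched here.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# MD5 / SHA1 / SHA256 sized hex runs.
HEX_RE = re.compile(r"\b[0-9a-f]{32}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{64}\b", re.I)


def scan_line(line):
    """Return [(kind, indicator), ...] for every report IOC seen in one log line.
    Hosts match exactly or as a subdomain of a C2 host."""
    hits = []
    for ip in IPV4_RE.findall(line):
        if ip in RISEPRO_C2_IPS:
            hits.append(("risepro_c2_ip", ip))
    for host in HOST_RE.findall(line):
        h = host.lower().rstrip(".")
        for c2 in LUMMA_C2_HOSTS:
            if h == c2 or h.endswith("." + c2):
                hits.append(("lumma_c2_host", c2))
    for hx in HEX_RE.findall(line):
        if hx.lower() in HASH_VALUES:
            hits.append(("sample_hash", hx.lower()))
    return hits


def sweep(lines):
    """Scan an iterable of log lines; return [(line_number, kind, indicator), ...]."""
    out = []
    for n, line in enumerate(lines, 1):
        for kind, ind in scan_line(line):
            out.append((n, kind, ind))
    return out


# Constructed sample records for the example (not taken from the report).
SAMPLE_LOG = [
    "2023-12-14T10:01:02Z dns client=10.0.0.7 q=soupinterestoe.fun type=A",
    "2023-12-14T10:01:03Z proxy client=10.0.0.7 POST http://soupinterestoe.fun/api 200",
    "2023-12-14T10:01:05Z fw client=10.0.0.7 dst=193.233.132.51 action=allow",
    "2023-12-14T10:02:00Z dns client=10.0.0.9 q=example.org type=A",
    "2023-12-14T10:03:00Z edr host=WS07 sha256=60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f",
]

if __name__ == "__main__":
    for n, kind, ind in sweep(SAMPLE_LOG):
        print(f"line {n}: {kind} {ind}")
```

Feed real exports through `sweep()` line by line; the host match deliberately ignores the URL path, so a proxy record that shows only the domain still hits.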
Targets
- Target: 60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f
- Size: 1.5MB
- MD5: 5e7f3309cc7fe2e6cf9eaf5c929efa25
- SHA1: 7ca01e7710e4c6b8345519d2901f8c066d194cfe
- SHA256: 60e3860ff34cb0814583487bcd3448d3bdc82b818e44ec2fff26d6d70477372f
- SHA512: 56d2ec693f068212a89ecd664afffd7748b207d100a6bb21e28053b1db3f9f07196b41894e8dcbc4c03deba7044f6720a68c738cb3414e9af3cf672cfaabc293
- SSDEEP: 24576:KyvinWIFJfvnV3prc9G3IxKrj68Cxj6Ni/kWtkua1I1BSAbUUvd5yocrft2El:RviWUJXnVew1rj5Ne7a+1jbNvd5yo8ft
- Detect Lumma Stealer payload V4
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
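The behavioral signatures listed above are rules a sandbox evaluates over its event trace. As an added example (not the sandbox's own rule code), the Python below expresses six of them as checks over an ordered, Sysmon-style event list. The event shapes, the list of public IP-lookup hostnames and the threshold of three distinct Uninstall subkeys are assumptions made for the example; the event stream is constructed; only the signature names come from the report. The one ordering-sensitive rule is "Executes dropped EXE", which only fires when a file-create event for the image path precedes its process-create event.

```python
"""Behavioral signatures from the report re-expressed as rules over events.
Added example; events below are constructed, not from the sandbox trace."""

# Registry key fragments, compared case-insensitively. Sysmon's registry
# SetValue event puts the value name after the key path, hence the
# "part + backslash" test alongside the exact-suffix test.
RUN_KEY_PARTS = ("\\currentversion\\run", "\\currentversion\\runonce")
UNINSTALL_PART = "\\currentversion\\uninstall\\"
OUTLOOK_PART = "\\outlook\\profiles"
STARTUP_PART = "\\start menu\\programs\\startup\\"
SYSTEM32_PREFIX = "c:\\windows\\system32\\"
# Assumed list of public IP lookup services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com"}
UNINSTALL_THRESHOLD = 3  # assumption: one lookup is normal, a sweep is not


def evaluate(events):
    """Return the set of report signature names triggered by an ordered list of
    event dicts. Types: file_create{path}, process_create{image},
    reg_set{key}, reg_query{key}, dns_query{name}."""
    hits = set()
    dropped = set()         # lower-cased paths the sample wrote
    uninstall_keys = set()  # distinct Uninstall subkeys queried
    for ev in events:
        t = ev["type"]
        if t == "file_create":
            p = ev["path"].lower()
            dropped.add(p)
            if p.startswith(SYSTEM32_PREFIX):
                hits.add("Drops file in System32 directory")
            if STARTUP_PART in p:
                hits.add("Drops startup file")
        elif t == "process_create":
            # Only a file written earlier in the trace counts as "dropped".
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif t == "reg_set":
            k = ev["key"].lower()
            if any(k.endswith(part) or part + "\\" in k for part in RUN_KEY_PARTS):
                hits.add("Adds Run key to start application")
        elif t == "reg_query":
            k = ev["key"].lower()
            if UNINSTALL_PART in k:
                uninstall_keys.add(k.split(UNINSTALL_PART, 1)[1].split("\\")[0])
            if OUTLOOK_PART in k:
                hits.add("Accesses Microsoft Outlook profiles")
        elif t == "dns_query":
            if ev["name"].lower() in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
    if len(uninstall_keys) >= UNINSTALL_THRESHOLD:
        hits.add("Checks installed software on the system")
    return hits


# Constructed event stream for the example (paths and names are assumptions).
SAMPLE = [
    {"type": "file_create", "path": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "process_create", "image": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"type": "reg_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"type": "reg_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName"},
    {"type": "reg_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Git_is1\DisplayName"},
    {"type": "dns_query", "name": "api.ipify.org"},
    # Pre-existing binary: not in 'dropped', so this must not fire.
    {"type": "process_create", "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for name in sorted(evaluate(SAMPLE)):
        print(name)
```

Running the sample stream yields four of the report's signatures (dropped EXE executed, Run key added, installed software enumerated, external IP looked up) and correctly stays silent on the System32 and startup-folder rules, since nothing in the constructed trace writes there.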