General
-
Target
9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c
-
Size
1.5MB
-
Sample
231214-gq24kabggr
-
MD5
b2e8f8df9c7d8a1847509ea28ea7e71f
-
SHA1
b5d77f3d2b6c592cd6780e2ba3323ba7bb5ed56e
-
SHA256
9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c
-
SHA512
9ab67889f32abf515655a5cdf6442a9ab52da5ccb97d8282464499c6c8e423a500e69ce8d1136e7630723e7c858ae676ded1792982f848370a23c900707ba48b
-
SSDEEP
24576:DyDqeqdHkuvfVnV3lrc9KnjhGYBAjlNw8ljvwwRJjMiTbGBrGf5zyuFYf2Y4:WaHRvtnVigjqbw8ljv5AiTarK5zyumff
Static task
static1
Behavioral task
behavioral1
Sample
9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
risepro
193.233.132.51
Extracted
lumma
http://soupinterestoe.fun/api
http://dayfarrichjwclik.fun/api
http://neighborhoodfeelsa.fun/api
http://ratefacilityframw.fun/api
Targets
-
-
Target
9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c
-
Size
1.5MB
-
MD5
b2e8f8df9c7d8a1847509ea28ea7e71f
-
SHA1
b5d77f3d2b6c592cd6780e2ba3323ba7bb5ed56e
-
SHA256
9fade38b54e168fe528b631ca35dedce100d837a92f58837d50000e57fdaf94c
-
SHA512
9ab67889f32abf515655a5cdf6442a9ab52da5ccb97d8282464499c6c8e423a500e69ce8d1136e7630723e7c858ae676ded1792982f848370a23c900707ba48b
-
SSDEEP
24576:DyDqeqdHkuvfVnV3lrc9KnjhGYBAjlNw8ljvwwRJjMiTbGBrGf5zyuFYf2Y4:WaHRvtnVigjqbw8ljv5AiTarK5zyumff
-
Detect Lumma Stealer payload V4
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Drops startup file
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-