General
Target: ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724
Size: 1.5MB
Sample: 231214-h4af5scafr
MD5: f45c9c7bcb9c582fd7f936d71b894e16
SHA1: edcc7e37d0ceb313bcd5ff3709ce1067963b7bc3
SHA256: ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724
SHA512: 816a72d0bc3e482f29c490df39cde428c2546a5fe4e1ebff8e9f4b18221beefebb6c7826f4b556728a47692fbb12725c1a2683fdfc8846ab45ac43b474f3f103
SSDEEP: 24576:uyliN+BQscfvnV3lrc94Azn+h9ctViBZfbWr2JMOQjTJ+fyMU3yoIrfzCw:9liqQscXnViKAzE9ctViTir2MT4aMIyw
Static task: static1
Behavioral task: behavioral1
Sample: ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted: risepro
193.233.132.51
Extracted: lumma
http://soupinterestoe.fun/api
http://dayfarrichjwclik.fun/api
http://neighborhoodfeelsa.fun/api
http://ratefacilityframw.fun/api
Targets
Target: ed71aebc3e881925402002afc9d33658a3dbf77f068c26a412b48667c4be7724
- Detect Lumma Stealer payload V4
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory