Resubmissions

  • 17-02-2024 23:23: 240217-3db79scb75 (score 3)
  • 17-02-2024 05:08: 240217-fsz7baca54 (score 10)

General

  • Target: Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip
  • Size: 66.8MB
  • Sample: 240217-fsz7baca54
  • MD5: f5c5935ac75649654a3c831ed5fe6fa0
  • SHA1: 52ec2e983ab06aa15750114a9e265d4fb5af7f54
  • SHA256: 93262012afae2e593d7bde52252613fc30365ffe3b893f62b8d9d3f47e6e11b4
  • SHA512: a021f3cab542ccca8aff067d001d0c4494c6d1f49dd0e4776ab96f72edf5d87defc9a8ae81e5b39c5fc5d3cef618c6de04ea5d68b25d8e6c6975ad95e44257ea
  • SSDEEP: 1572864:8yIoOPzJpq0jzwKSqj4uEv9oPoCvOFahjcWnSFnecJ3rrIpMU9doIny:8ywjc3qj4vvE0ahoWnkei36M0KIny

Malware Config

Extracted

  • Family: lumma
  • C2:
    https://gemcreedarticulateod.shop/api
    https://secretionsuitcasenioise.shop/api
    https://claimconcessionrebe.shop/api
    https://liabilityarrangemenyit.shop/api

Targets

  • Target: Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip (the submitted archive; size and hashes as listed under General)
    Score: 1/10
  • Target: 0x000a000000023656-53
    Size: 686.9MB
    MD5: 3abe8b51f5087787b9c121b10f37108b
    SHA1: 4cb1fc54dc24f175c744a958e74ff84b5fb16d4e
    SHA256: 7ba93fe544def71fa435ae70911356845d19d5fcee1df71369aa537fe848c5d5
    SHA512: fcee37f1e56aed457f71aa0c54f320e28a308c002d639bcd424389cb464ce18103746b470456f5824b28d079cead670bdcb8d691d8bed864544ffbfe2c75fed4
    SSDEEP: 1572864:jnhUzyh7u4k9pJmoLKAwhzTICA8VjcDJSx:jnikUDUzPAUj3x
    Score: 10/10
      • Lumma Stealer: An infostealer written in C++ first seen in August 2022.
      • Blocklisted process makes network request
      • Legitimate hosting services abused for malware hosting/C2
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
