General

  • Target

    YourTooIl

  • Size

    154KB

  • Sample

    240221-qfvq6sgc87

  • MD5

    3d07e26e02c60cf40ec99d4704ef0f75

  • SHA1

    3f67c682c0ed0b754bec60223778468f769d9a35

  • SHA256

    d3005193be62d42a897396d170bf1532f71d4e61a86e1454981177416ccec742

  • SHA512

    354175e99ede0b6b15db842bae11dfd4f0bbe1571627327d07daf34859fa7fd86ab549f1a205afe8d7094e20b2adca49892047a7b1e61cd7cb99271e322f2cec

  • SSDEEP

    3072:EIHm8korCBcKt8uzoR7qqHb5NRs3NY0/6Pg3X1+Zkewl74ek:idcl5NRsdY0/6Pg3X1+Zkewl7Tk

Malware Config

Extracted

Family

lumma

C2

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets

    • Target

      YourTooIl


    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks