Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

valoskin/h...er.exe

windows7-x64

1

valoskin/h...er.exe

windows10-2004-x64

1

valoskin/spoofer.exe

windows7-x64

3

valoskin/spoofer.exe

windows10-2004-x64

10

valoskin/test.dll

windows7-x64

1

valoskin/test.dll

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    valoskin.zip

  • Size

    317KB

  • Sample

    240223-d3zmesae5w

  • MD5

    1d6d8e1a9b1ec74a9c03848bae2911b0

  • SHA1

    4b5802f378a0c1b8d114a89951c1d27a6f51f3fd

  • SHA256

    9593415e3c59bccf5b942204c21bf3b60b727868cd9bbd28efa10b045f838d7f

  • SHA512

    842c0444d4959c1cdcbc58a7a5dfbe721e597ca94cede3170a8215ba9f3b7a0136f496a70351c1c0126871d6807ecfd8aef78c23fc4baa78becd1eaff0a64d36

  • SSDEEP

    6144:KdRXAFA/H6W+r13lKhJumiJ1zPk5rY+WcCQSSqxVU9dKVsNIwm0M08:+Jr+B3lSurLzb+mQSSqQXKVW7M1

Score
10/10
lummapersistencestealer

Malware Config

Extracted

Family

lumma

C2

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets

    • Target

      valoskin/hookloader.exe

    • Size

      14KB

    • MD5

      2d81016e823c1f2983b70902d510e2cb

    • SHA1

      c83763ce1f16bee1b4c63ff80a181dc1b40e0d27

    • SHA256

      1eb27116f207a0701aec816404a6c5ede66550231b2b7bf84981d353cba35d9a

    • SHA512

      8df567b6f153d0cc738c2da1c7caa6d906af5656455c6fc17e51b0d4f43d18e757ea2f74843bd3d7e0791e9ec488136ac01fa3c0aebec8b2eef4789a84f95491

    • SSDEEP

      192:jd326f/bCoq+IeXCutfAkIUNzEa5UK4PiaAws681iW5tfqXU/H:x326f/Goq+IQjfLvNWKc7

    Score
    1/10
    behavioral1behavioral2

    • Target

      valoskin/spoofer.exe

    • Size

      425KB

    • MD5

      168d7b4ca5c63b61d5f48f0911868b2c

    • SHA1

      daf966bd0ac55c862ce5574ee7d5420123ac94e4

    • SHA256

      601c05bd2d1c908d123dac33d1c15552c138acb294124cbdd86b12c9f35e2655

    • SHA512

      da5ebb40849fedafc5a3ac7c48a0142c6eb5ccefe788b6c07491a757aa9e9b4f3d8b76e1dacf0600a833aade05c309b9661e8fd40080d4ba8f4cf4ea3d59900f

    • SSDEEP

      12288:jLJ/KPJxO9j7MIFyKz3mBEP5KpPbDC0dGhKcYtmS2:jcPYsIUOwtb1whlt

    Score
    10/10
    lummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma
    behavioral3behavioral4

    • Target

      valoskin/test.dll

    • Size

      157KB

    • MD5

      0605f348e17e22178b57014a83e624dc

    • SHA1

      f4a1cdbb02e9dba0ae01177dd156a653bd06dd8c

    • SHA256

      7343c8572b9d2cabf54ef5ba0dce2f7b2931504c40dba057e33e4780817a3cf2

    • SHA512

      ec437462de560edccd3e55eab7126015b1a2f741a4aee87d08aacb0790bead51efa7df236c366a5935c9b60a9094dbe84ba6a2f0ad428e2babd8a1ea181ad14c

    • SSDEEP

      3072:3Nk1JmVsIgx7j1GefCDMYAxe6rXEH0RhRhRq:6mWIgx7j1GeaoYA3Ln

    Score
    7/10
    persistence
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks