General

  • Target

    February.scr

  • Size

    285KB

  • Sample

    240229-wsyaqage61

  • MD5

    514f6262b7f8899e97ef176249b1fbe4

  • SHA1

    016200acbe6284051a8a00f725fb879e3cc3cc51

  • SHA256

    2a9cb02a79b81c7f280b572325626312f007864475364f0f49e9877948ed0815

  • SHA512

    d77259b54025a7f06f1645443369f629a9996a05fa7a0393e111e7de9c8bfd453d524336be39dde0c98e1d701925a0780c7e01c4ee1cd2fde506579358f9a008

  • SSDEEP

    6144:V0RX62x3N0FXRn9I5Zlll87U72vaq07XdREuEws8TWGKH:WV62lN0FXR65Zln72CqyRwSCl

Malware Config

Extracted

Family

lumma

C2

https://vatleaflettrusteeooj.shop/api

https://turkeyunlikelyofw.shop/api

Targets

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15