General

  • Target

    cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

  • Size

    17.1MB

  • Sample

    240319-vhk2zaha95

  • MD5

    eb64b1dbb38961bdb4c0f4b724b1ed3d

  • SHA1

    a375bc847388cdddc6cffd57dc7f0c3d6be72cdf

  • SHA256

    cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

  • SHA512

    5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7

  • SSDEEP

    393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

Malware Config

Extracted

Family

lumma

C2

https://telldruggcommitetter.shop/api

https://secretionsuitcasenioise.shop/api

https://modestessayevenmilwek.shop/api

https://triangleseasonbenchwj.shop/api

Targets

    • Target

      cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

    • Size

      17.1MB

    • MD5

      eb64b1dbb38961bdb4c0f4b724b1ed3d

    • SHA1

      a375bc847388cdddc6cffd57dc7f0c3d6be72cdf

    • SHA256

      cf5d6c68811f37d9ae1a9cc62abc1987fdd8900d271fdaa01d4a84853d7db10d

    • SHA512

      5c56b478f88002e10b3bea6ed2151a8e89e1693270effaa6ded943b1325b0d1e1a4aa9fa66fd8b372f70da86feab6cee781518bb50514dfb341a9767a01d36a7

    • SSDEEP

      393216:QnEbwdw5PBbXDqPiHNTS3ByWhGhz3iQw0FHufQMfh1GD6QGhNgqx9OPNQNI62vho:pbwdwnBtcFhG1w0MVZ1GD6QGhNpwsIne

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks