General

  • Target

    3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047.zip

  • Size

    232KB

  • Sample

    240402-mqma1afh66

  • MD5

    6289b09f4051771003e982bba9ce0bc5

  • SHA1

    8503bbca552a53956b7f982539397bd15b8498ea

  • SHA256

    d5dda89060c1331ba083be2555ac0a63a5c4bcd56dec9aa40bd4f325439140e5

  • SHA512

    b740962542cab6410cffafe5c6c1d785bdc9ce68d3a0cfdbbafa8896b740f6b996d6c192fd6a4a9d2618d5a8e496d1ca1d8dd0ef4d8974b93619ea509276afc5

  • SSDEEP

    6144:IOYztZqguyP/+eB/PiLJEZKpXZqtUpTasWOGuUpwDpIrcw:FYztZqguyP/v/P2UKpXZXHSuDar9

Malware Config

Extracted

Family

lumma

C2

https://wagonglidemonkywo.shop/api

Targets

    • Target

      3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047.exe

    • Size

      319KB

    • MD5

      30732747ca33bd37a757c90aada0c604

    • SHA1

      b175606037f75bc349b5221aa999334d961c471b

    • SHA256

      3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047

    • SHA512

      a672d0d573a3cb2fcb06db975ae3d34ae820f7c14c8e6ce24a1d63da511ff7bb3aaeb331026441729e3def6a9625e444b36e6b2a7d76072ebf08a6e5416980a1

    • SSDEEP

      6144:DuTgT9kw0NZk9gAGkgAcYjd56miof1AjoM0kkrBS9F:JTKw4ZWg6cYjd55ih8RkkrAF

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks