General

  • Target

    VMM.zip

  • Size

    14.6MB

  • Sample

    240406-hgx9pacg81

  • MD5

    06c696dec212fe9a135fcc5a15a9a134

  • SHA1

    84ee0bfdffcca7aeb588fc7900cb859d88ab0b5b

  • SHA256

    5344ad88a5cd21e8c2b396d4c0ff00bf3bb2c09aee63c7eb6f72a86c1a5398f9

  • SHA512

    734fe295516172adb5968fd296e16db6daec73c932860db8b45e843f9eb56e1a00ee2908dd53ec533c27d1aaf3839b0fe0ad0a898b4d24f18eeadcc6b51620d8

  • SSDEEP

    393216:6Lnku9vqgEr3sLmwawkhpNtmAbwFihMXaYFOv0rl66Qwl6hPK/8aeG:6LnjV2sLXBkNtmAEFihoj95XQwMpa/

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://kitchenreviewbewrwsa.shop/api

https://birdpenallitysydw.shop/api

https://cinemaclinicttanwk.shop/api

https://disagreemenywyws.shop/api

https://speedparticipatewo.shop/api

https://fixturewordbakewos.shop/api

https://colorprioritytubbew.shop/api

https://abuselinenaidwjuew.shop/api

https://methodgreenglassdatw.shop/api

Targets

    • Target

      VMM.zip

    • Size

      14.6MB

    Score
    1/10
    • Target

      Data.pt

    • Size

      3.9MB

    Score
    1/10
    • Target

      Setup.exe

    • Size

      8.7MB

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      iepdf32.dll

    • Size

      4.3MB

    Score
    3/10
    • Target

      indecorum.tiff

    • Size

      47KB

    Score
    3/10
    • Target

      plugins/Config/nppPluginList.dll

    • Size

      203KB

    Score
    1/10
    • Target

      plugins/NppConverter/NppConverter.dll

    • Size

      199KB

    Score
    1/10
    • Target

      plugins/NppExport/NppExport.dll

    • Size

      153KB

    Score
    1/10
    • Target

      plugins/mimeTools/mimeTools.dll

    • Size

      145KB

    Score
    1/10
    • Target

      rubadub.odp

    • Size

      2.6MB

    Score
    1/10
    • Target

      updater/GUP

    • Size

      818KB

    Score
    6/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      updater/LICENSE

    • Size

      7KB

    Score
    1/10
    • Target

      updater/README.md

    • Size

      3KB

    Score
    3/10
    • Target

      updater/enco.dll

    • Size

      6.3MB

    Score
    6/10
    • Checks for any installed AV software in registry

    • Downloads MZ/PE file

    • Target

      updater/gup.xml

    • Size

      4KB

    Score
    1/10
    • Target

      updater/libcurl.dll

    • Size

      728KB

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
5/10

behavioral6

lummastealer
Score
10/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
6/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

discovery
Score
6/10

behavioral28

discovery
Score
6/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10