General

  • Target

    Setup

  • Size

    154KB

  • Sample

    240420-18h8ysbd49

  • MD5

    fbfe4e161a1f4a249fb5dd0b79755ca3

  • SHA1

    51e4dd8eb9b381a6385060f22fbb50016228b858

  • SHA256

    c384c2f5998845c9ab44484a3f8d8d0aa88b9cdb658d4e0250656354f1e351d7

  • SHA512

    a64ea7a919d833f01d14a249df3e99b2c2f762995459d508abcf20d4c9db1545c2c532b0674464a8f3e218781fe37feb660eebd2a90bdbc73be6244f3ec5d07c

  • SSDEEP

    3072:EIHm8ZyrTBcKLOuLLZaoA9V+hg3XcqyvMpzi70A7qqHpBelk:efLLZaoA9V+hg3XcqWMpzi70Auk

Malware Config

Extracted

Family

lumma

C2

https://alcojoldwograpciw.shop/api

Targets

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
