Overview

overview

10

Static

static

3

FieroHack.exe

windows7-x64

7

FieroHack.exe

windows10-2004-x64

10

#/LoadeSirus.exe

windows7-x64

#/LoadeSirus.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FieroHack.exe

  • Size

    676.2MB

  • Sample

    240422-rcdh6acb65

  • MD5

    76a3bd6e846f46f5e8b6c7b2f0d29c57

  • SHA1

    cb78a890bdfdb2f499e3d734f9caa0153bf9add0

  • SHA256

    d41b139970b0bab5449bc61bf9d79cd0287e04a7267d19df87dc7b295718cdcf

  • SHA512

    791f68758768373950df5e4dc77385e1f84fa0ac001846b5d4baeb7e330a03bc1b62048c17cfe5f2818b5b8fc06ab5b9c7d3e3b856498be7f11c05db2dd4bf6d

  • SSDEEP

    196608:OY9faXEN+pIePaH5Yl38xc0l6zedTuSkM0da2o:OY+EN+KeyHm6B6z4TuSk5M2o

Score
10/10
lummaxmrigevasionminerpersistencestealer

Malware Config

Extracted

Family

lumma

C2

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Targets

    • Target

      FieroHack.exe

    • Size

      676.2MB

    • MD5

      76a3bd6e846f46f5e8b6c7b2f0d29c57

    • SHA1

      cb78a890bdfdb2f499e3d734f9caa0153bf9add0

    • SHA256

      d41b139970b0bab5449bc61bf9d79cd0287e04a7267d19df87dc7b295718cdcf

    • SHA512

      791f68758768373950df5e4dc77385e1f84fa0ac001846b5d4baeb7e330a03bc1b62048c17cfe5f2818b5b8fc06ab5b9c7d3e3b856498be7f11c05db2dd4bf6d

    • SSDEEP

      196608:OY9faXEN+pIePaH5Yl38xc0l6zedTuSkM0da2o:OY+EN+KeyHm6B6z4TuSk5M2o

    Score
    10/10
    lummaxmrigevasionminerpersistencestealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Creates new service(s)

      persistence

    • Stops running service(s)

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      #/LoadeSirus.exe

    • Size

      828KB

    • MD5

      a4f2e2a0aa86a2089c13e1a3aa66bc3c

    • SHA1

      d44f14a38422169b4c31c40a9e723cc1edc583a4

    • SHA256

      a6165c0c5996c968bdc330791ea24b6152d86b014a885363f1f128971866cb45

    • SHA512

      6fc77e488f9cc0d78e7000c6c4629a08d531a68e19a445d267cc76f1eb6515e17b4317f9ecd387f59ca5b1b081f2bf11cd53551b8a0c9c94c552302661ba4213

    • SSDEEP

      12288:A4fuH+55/64fZOFRpA+91TTltMnmdz3zE4XT6L6nhdu4nN8N:Vue55/64fZGpA+91H6YBT6Ahi

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Resource Development

Reconnaissance

Tasks