Resubmissions

27/04/2024, 13:18

240427-qjxd6sbb95 10

27/04/2024, 13:14

240427-qgyjfsbg4t 1

General

  • Target

    L0ADER!

  • Size

    154KB

  • Sample

    240427-qjxd6sbb95

  • MD5

    03ec5def85aa15039683cd4b998ece8e

  • SHA1

    e128b2b18a8d5ae8b1cc50d6beb20793c130c932

  • SHA256

    31a0852f967a23f76a027fa2321ef833c7e2416376ad75f2744c270dd1d9ecab

  • SHA512

    d628c364c4b943fc6eb5d4d4d4e2c031450c6ef2ffa989b34c6fbf8043c82fea1921b2e59d22bd285f9335cc8d853da1bc24375c038055ec3c97d34c40c60c71

  • SSDEEP

    3072:EIHm8YyrCBcKJNuzoR7qqHb5NRs3wxDf04wlt8+70g3X3Ggk:EUcl5NRsAxDf04wlt8+70g3X31k

Malware Config

Extracted

Family

lumma

C2

Targets

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks