General

  • Target

    ExtraSoft v.2.2.rar

  • Size

    1.5MB

  • Sample

    240525-rh4brsfd3t

  • MD5

    a32da6fae5e6a133911ad915267e6331

  • SHA1

    239ce2e4b9544193663328bc301b0ed2f0c3ecd4

  • SHA256

    aefc68a09627909d0bd3b761065f52ab15d7f4eb93c94894761fd274b68ce796

  • SHA512

    3a3a9804b2febe1ef9787234139dbca8a346242759a9f959d9afde7d5aba8ddd7cf805acfb27d6e178f04b6fa8b39537f43f016cb97a769b4212e6c08a9d589b

  • SSDEEP

    24576:EP6XxvVto9jazYLKNhc49lbO0wDPRv8Q71K4:EP6XJc49k7Rv8E1H

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://employhabragaomlsp.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api

Targets

    • Target

      ExtraSoft v.2.2/ExtraSoft.exe

    • Size

      517KB

    • MD5

      6d3484be978ce7734185614a50fa2ef9

    • SHA1

      e665f2a7772514a04963f730258bfdbf66f63ad9

    • SHA256

      a324292e0860ef6b1722391ae046dc12820dc08eaadcbf6b83e873d36d421d46

    • SHA512

      d97298ac5e04a9212b05095ebc5077ee0a0115cd6e766fadc3d3591b9131d2d3899a66aed42a2bb53f005c8b4282c494f87994b127dcfddc015e7462e95ff4f3

    • SSDEEP

      12288:RLs3SmdMrtCsuc08EGss3ml5HBtv5cwvIq8:0SisucB2XjBcwJ

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    • Target

      ExtraSoft v.2.2/UniteFxUpdate.dll

    • Size

      255KB

    • MD5

      574558b3b586720a1b38e643970cc140

    • SHA1

      0fb77375348c8586f8578ef8861949ac191fdedf

    • SHA256

      c9966396c67f1782bad854724770b832799387eb2445bd48bbbd56f829e8e55f

    • SHA512

      64906b0b62f43660caa89c3bb9a50ba8acf0c2fec30a43e59e624dfc13cfb7f851fe761ae948b87ba3d60cdab17605411b214e76198ed19686580c333ff6ab7e

    • SSDEEP

      6:0vFXDOeeeeeeeeeXNGcJcJcJeCPePePePePePePePePePXKC++jk9:0vFz44eMQQQQQQQQQ639

    Score
    1/10

    • Target

      ExtraSoft v.2.2/api64.dll

    • Size

      282KB

    • MD5

      acfa9d5557efabcce4c0f879426f2cd9

    • SHA1

      63b9f97f18c93a43ecd2994251c732b81ad3a412

    • SHA256

      494384126a9b22000cfa4bb208060c7c485ef3286d539791d09df0897f841bd6

    • SHA512

      75d1607c8feb7fdf9ee6293f58f24a2bc8fa4b905ff850f6b28b5eb61e1ed111abad0102044617dfcbb79b368fc668fc07e7d0dfd0c1c0d2d95c040edd184372

    • SSDEEP

      6:xFXDOeeeeeeeeeXNGcJcJcJeCPePePePePePePePePePXKC++jk9:xFz44eMQQQQQQQQQ639

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks