General

  • Target

    CCleaner Lates Uptated.rar

  • Size

    6.8MB

  • Sample

    240528-r5xgqsae36

  • MD5

    123ec92d61364bbca32cb3bd79cc9a4e

  • SHA1

    594e15c105eb6c6787ca4e1ee6e4048af68fa48e

  • SHA256

    dee1bcae2ccd88ba957e0a9aaecb6ea038c04ed200bdc39ca51a5755163d758e

  • SHA512

    45490502d6cb52abca0ec1212444125f65f8c879d2d0f629776ad12f1c61fae2c8e938b334e3f850c493b361c79aa9e6df78a1a56cd117394a541137ac0ea3a3

  • SSDEEP

    196608:7KXFpfOSHbiDyEzy4Y4+XS7SQI4kPkK96:7iCS7iG9Z4+hkkPkp

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://survivalpersisttww.shop/api

https://horsedwollfedrwos.shop/api

https://patternapplauderw.shop/api

https://understanndtytonyguw.shop/api

https://considerrycurrentyws.shop/api

https://messtimetabledkolvk.shop/api

https://detailbaconroollyws.shop/api

https://deprivedrinkyfaiir.shop/api

https://relaxtionflouwerwi.shop/api
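The C2 list and file hashes above are the report's most reusable output, so here is an added example of turning them into a check: a small Python IOC matcher that is not part of this report or of any vendor tooling. It copies the nine C2 URLs and the two SHA-256 hashes from the report, matches proxy log lines on the URL host rather than the full URL, and looks up a file's SHA-256 against the known hashes. The log lines and their `ts client method url status` format are constructed for the demonstration and are not real telemetry.

```python
"""IOC matcher for the Lumma sample in this report (added example, not report tooling)."""
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs copied from the extracted Lumma config above.
LUMMA_C2_URLS = [
    "https://survivalpersisttww.shop/api",
    "https://horsedwollfedrwos.shop/api",
    "https://patternapplauderw.shop/api",
    "https://understanndtytonyguw.shop/api",
    "https://considerrycurrentyws.shop/api",
    "https://messtimetabledkolvk.shop/api",
    "https://detailbaconroollyws.shop/api",
    "https://deprivedrinkyfaiir.shop/api",
    "https://relaxtionflouwerwi.shop/api",
]

# SHA-256 of the archive and of the embedded Setup.exe, copied from the report.
KNOWN_SHA256 = {
    "dee1bcae2ccd88ba957e0a9aaecb6ea038c04ed200bdc39ca51a5755163d758e": "CCleaner Lates Uptated.rar",
    "7ef1cd55cd4ae7a69188d5f719aeff7bb5e4f0937ad943331a1f9ef26f81f8e8": "CCleaner Lates Uptated/Setup.exe",
}

# Match on the host, not the full URL: the /api path is incidental and the
# same domain may be reused with a different endpoint.
C2_HOSTS = frozenset(urlparse(u).hostname.lower() for u in LUMMA_C2_URLS)

# Constructed proxy log lines in a hypothetical "ts client method url status"
# format; not real telemetry. Line 3 upper-cases the host and line 4 only
# mentions a C2 domain inside the path of an unrelated site.
SAMPLE_PROXY_LOG = """\
2024-05-28T12:01:03Z 10.0.0.15 POST https://survivalpersisttww.shop/api 200
2024-05-28T12:01:05Z 10.0.0.15 GET https://www.ccleaner.com/ 200
2024-05-28T12:02:11Z 10.0.0.22 POST https://HORSEDWOLLFEDRWOS.shop/api 200
2024-05-28T12:03:40Z 10.0.0.15 GET https://example.com/survivalpersisttww.shop 404
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def c2_hits(log_text):
    """Return (timestamp, client, host) for every line whose URL host is a known C2."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # line does not fit the assumed format; skip it
        host = (urlparse(m["url"]).hostname or "").lower()
        if host in C2_HOSTS:
            hits.append((m["ts"], m["client"], host))
    return hits


def classify_bytes(data):
    """Return the report's label for data whose SHA-256 is listed above, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


def classify_file(path, chunk_size=1 << 20):
    """Same lookup for a file on disk, hashed in chunks so large files are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return KNOWN_SHA256.get(digest.hexdigest())


if __name__ == "__main__":
    for ts, client, host in c2_hits(SAMPLE_PROXY_LOG):
        print(f"{ts} {client} contacted Lumma C2 {host}")
```

Run as-is it reports the two constructed hits (the case-folded host is caught, the domain that merely appears in a path is not); `classify_file` takes a path to a quarantined sample if you want to confirm it is one of the two files hashed in this report.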

Targets

    • Target

      CCleaner Lates Uptated/Setup.exe

    • Size

      1.0MB

    • MD5

      7bb40f1815599015355f7759eef4f01a

    • SHA1

      5c5ac81906d13d3e16ff65e5481dd3265bf9a206

    • SHA256

      7ef1cd55cd4ae7a69188d5f719aeff7bb5e4f0937ad943331a1f9ef26f81f8e8

    • SHA512

      6e8333c3e2950f088706e9d2d451744d1b52a1207253a908ab9e6242f78766542052869b22413cc09b360252269837f40af834e84ebbc898ef638cf3ef389845

    • SSDEEP

      24576:HfLevYo45y5S8bduWd499UXV5Zfn85JwA5H+3wij:/qAo45y5S8MH2VH8kA5HIj

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks