Resubmissions

01-06-2024 22:49

240601-2rysrahf3t 10

01-06-2024 22:44

240601-2n2egahd8s 8

01-06-2024 22:34

240601-2g9ghahg49 10

General

  • Target

    randomscript.ps1

  • Size

    1KB

  • Sample

    240601-2rysrahf3t

  • MD5

    322d6110a033d0aadfc40c14b8668fc7

  • SHA1

    810a4c158b6016c990ac9653e89a6e9af79d578c

  • SHA256

    22b607cba20413cd4363dd69d04d7ecda694ce3cf514f965a74c3605c7793248

  • SHA512

    8e7c57e67c61ef9480f29232015a375718ae4defcf2603069da297dac0e4c4792f2f95371fda521c7fae8e077d38bdb34c5169d9fddc45064b37488a1d5e0699

Score
10/10

Malware Config

  • Extracted

    Language: ps1

    Source: exe.dropper

    URLs:

      https://drinkresources.rest/df/data.zip

      https://stats.drinkresources.rest/post.php?status=2

      https://stats.drinkresources.rest/post.php?status=3

  • Extracted

    Family: lumma

    C2:

      https://grazeinnocenttyyek.shop/api

      https://horsedwollfedrwos.shop/api

      https://patternapplauderw.shop/api

      https://understanndtytonyguw.shop/api

      https://considerrycurrentyws.shop/api

      https://messtimetabledkolvk.shop/api

      https://detailbaconroollyws.shop/api

      https://deprivedrinkyfaiir.shop/api

      https://relaxtionflouwerwi.shop/api

Targets

    • Target

      randomscript.ps1

    • Size

      1KB

    • MD5

      322d6110a033d0aadfc40c14b8668fc7

    • SHA1

      810a4c158b6016c990ac9653e89a6e9af79d578c

    • SHA256

      22b607cba20413cd4363dd69d04d7ecda694ce3cf514f965a74c3605c7793248

    • SHA512

      8e7c57e67c61ef9480f29232015a375718ae4defcf2603069da297dac0e4c4792f2f95371fda521c7fae8e077d38bdb34c5169d9fddc45064b37488a1d5e0699

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks