General

  • Target

    creaminstaller.exe

  • Size

    517KB

  • Sample

    240705-p35dfsydlr

  • MD5

    ff6ebaba7de1e99d37206afc9f9281e7

  • SHA1

    c1f7bfb48bc6ff019ae697a9a724e821cb0b2624

  • SHA256

    0d58b7e445ac81c5000f1fc82566974158440aeabd57b2b16080659386ea64f8

  • SHA512

    22dd0ef1411ce92347f0fc055b2f869d33d7f058622228cbca5833b55ce7a3bcf5b3c25ad9cbbe859cb634a0e5bd5c884fc1e96f0f17cad55c2372109094141f

  • SSDEEP

    12288:KYAHs+2jwV5HLhhzAEeSZ3U7gOsIqvjM8gUnRfYpr0JP/trch:KYpVjUrfAEeSK71sJM8DBzc

Malware Config

  • Extracted

  • Family

    lumma

  • C2

    https://bitchsafettyudjwu.shop/api

Targets

    • Target

      creaminstaller.exe

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
