General

  • Target

    wsltty-3.7.0.2-i686-install.exe

  • Size

    2.7MB

  • Sample

    240705-p45qlsydnj

  • MD5

    ccf9e0111109fd964a343904a1747041

  • SHA1

    cebc930117814de13b0543e7190a1f5b9bf51dcd

  • SHA256

    aba457d49c99294c895f8df69714801019ad69a4931f04c7a5a9c50f0ab122a7

  • SHA512

    c2e79ed166eef00afea3371f1b6c03d98669ec7bf05c967fc20fd067be07ed6fbafee23c1f2da3743a6627aa99e8c6537e824a6fdce27d05c5f95279dc930564

  • SSDEEP

    49152:f99R4yDjdEns7UmYmw+j98a7TnDEJWnc3AOBwXGwcg6p8baXzGXi:1HHEns7Um9duWDEtQcwW9gDG6S

Malware Config

Extracted

Family

lumma

C2

https://assignmentygassdyw.shop/api

Targets

    • Target

      wsltty-3.7.0.2-i686-install.exe

    • Size

      2.7MB

    • MD5

      ccf9e0111109fd964a343904a1747041

    • SHA1

      cebc930117814de13b0543e7190a1f5b9bf51dcd

    • SHA256

      aba457d49c99294c895f8df69714801019ad69a4931f04c7a5a9c50f0ab122a7

    • SHA512

      c2e79ed166eef00afea3371f1b6c03d98669ec7bf05c967fc20fd067be07ed6fbafee23c1f2da3743a6627aa99e8c6537e824a6fdce27d05c5f95279dc930564

    • SSDEEP

      49152:f99R4yDjdEns7UmYmw+j98a7TnDEJWnc3AOBwXGwcg6p8baXzGXi:1HHEns7Um9duWDEtQcwW9gDG6S

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks