General

  • Target
  • Size: 167.6MB
  • Sample: 240705-tl4statenh
  • MD5: 2c81db0cc381a3ed7ba632d3e6aaad83
  • SHA1: 0311c3f2acb408b3109808f8b4ea8e10b4966f20
  • SHA256: 7da7d152162fd0a796b93b2f28715c50b577ac71a1107b668dc6b2834a5602ba
  • SHA512: 80b6ea16046a76e5e60326fd45aa189da36bd6d9bdc86e4422f4e6bad131451cbae0b9ddbb4ed41d55f6f22c4d124fef068f9bf812662281890c4b9f8ac7c0b8
  • SSDEEP: 3145728:dbuy3ZlXH+xG7ncZnsbXvL8DDC2EhXXYKH1DBAjWAWNAPn0nKzl:dntH+QTcZnqfADu2wXYKVDBNAWNAP0E

Malware Config

Extracted

Family: lumma
C2: https://bouncedgowp.shop/api

Targets

    • Target
    • Size: 167.6MB
    • MD5: 2c81db0cc381a3ed7ba632d3e6aaad83
    • SHA1: 0311c3f2acb408b3109808f8b4ea8e10b4966f20
    • SHA256: 7da7d152162fd0a796b93b2f28715c50b577ac71a1107b668dc6b2834a5602ba
    • SHA512: 80b6ea16046a76e5e60326fd45aa189da36bd6d9bdc86e4422f4e6bad131451cbae0b9ddbb4ed41d55f6f22c4d124fef068f9bf812662281890c4b9f8ac7c0b8
    • SSDEEP: 3145728:dbuy3ZlXH+xG7ncZnsbXvL8DDC2EhXXYKH1DBAjWAWNAPn0nKzl:dntH+QTcZnqfADu2wXYKVDBNAWNAP0E
    Score: 3/10

    • Target
    • Size: 110.8MB
    • MD5: d0df0647d2681b9d311c11078ccf5812
    • SHA1: 6d2fb23200b7aa0b6ee64a44c40cb22974f6744e
    • SHA256: f8f22ed85c5e62f8c18d55f794d9c9ff8e864fd9f30c35e2b97bff1917afee1d
    • SHA512: 5d4d20dec45570680214212e2937b504ee0fcc1413dec076a85f94a0709d4e91691b75967f688a5bbc7afe9d2fe90175765c6c5fabae69d14de3f56fed466fb0
    • SSDEEP: 98304:f2OktbpMKV13qLdT/RJywAFh20HEKG4EURcQ4i9:BC1aLdLRJyw220kKdj9
    • Lumma Stealer
      An infostealer written in C++, first seen in August 2022.
    • Downloads MZ/PE file
    • Event Triggered Execution: Component Object Model Hijacking
      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
    • Executes dropped EXE
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Legitimate hosting services abused for malware hosting/C2
    • Power Settings
      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
    • Suspicious use of SetThreadContext

    • Target: Settings.ini
    • Size: 7B
    • MD5: 7a1920d61156abc05a60135aefe8bc67
    • SHA1: 808d7dca8a74d84af27a2d6602c3d786de45fe1e
    • SHA256: 21b111cbfe6e8fca2d181c43f53ad548b22e38aca955b9824706a504b0a07a2d
    • SHA512: 94abfc7b11f4311e8e279b580907fefc1118690479fb7e13f0c22ade816bc2b63346498833b0241eec2b09e15172e13027dc85024bacb7bc40c150f4131f7292
    Score: 1/10

    • Target: d3d9xx.dll
    • Size: 49KB
    • MD5: d7cce8c8e0aec9d35c0ebed3a96341bb
    • SHA1: c3d4d543fddfc20b2e63a0dc48691ec1a605bb1a
    • SHA256: 50765305e75a955fc54b15262abed6488c8a1ba1677798fb50c6feff3e328cbc
    • SHA512: 1d6990cb306b1157cddc149ce80c0434bf26ba1658e01303eb909af246c960c8831a909560f6b415182f36a895be3bf219107ff99647d9b969f4b1a4e9c72356
    • SSDEEP: 768:ZPLzii/Pe3CJL9h0YsQ/9BvJg+udwkGYLKrPCKWhVRDg3XoFfmk7UwDCpsZQj:ZPLGj0xpJgFdwkKrPCZhH8Wh7UwDjZg
    Score: 1/10

    • Target: libcef.dll
    • Size: 19.4MB
    • MD5: 60be2cec0d95bb135d4452f39aac6805
    • SHA1: e2de1c24e924d16d66d7d128bc63213f04500d9a
    • SHA256: 391b7e66004d7845f5caa7d70f106dac7d0b49538954c55601ed7b5985c3d699
    • SHA512: d50579fe0176477da1c78aeeafb1c9fdaa8905646d9fd32edd4bd2ccdd0591b97721d9cef4a546fcc6816a0ab56f9c2c6c31ccdfc19e7ad998a6ebddb6a3921d
    • SSDEEP: 393216:fd4hk/HQezExvwV4mRmT3E70OQSf8j263wrUGu2SfYpfPvZTU:fd46/HQJxvJmP70OQGupwrM2S8U
    Score: 1/10

    • Target: licension.dll
    • Size: 37.4MB
    • MD5: d259e05a1a5962201a50bd6a71be440f
    • SHA1: 8fd79622e56b735a7092e271d391bb310c170318
    • SHA256: 2c1624e5269cfd37321f4fa2a11b5af00bdf354a4d51347ab53d2010f245064f
    • SHA512: 2602ecb6c2e64098b3ed109e02e04bc61039c5ac519982c56fdc1e8eefec901bf1b9c2f03cc578ba281519a53400543b0984f141d54c926c8a5d3595019c072c
    • SSDEEP: 393216:kTHIb6yxZMP4Fsb0Lfi4KgTYaoC2dQn8bNJPv3M/X273Jaj6xGEH:9MPVOQ6v275a+xB
    Score: 1/10

    • Target: open me - 1212.txt
    • Size: 276B
    • MD5: 769336e97bb4ce5e1af1d04bff97610a
    • SHA1: 0b0e7ae2d7e8abd2f6b40039fb88ac857de641a9
    • SHA256: 952605005850dce5b64862e07b3ccbfa73abbd688ab642fa21b19601a1938d32
    • SHA512: 12f6c30de589d22cd39e306c484b61bc3a802c940bee84315633a095a1931cc2c3c3d22771c497c3f45107866d6e6f276bbc5851d12378839caa1428b4820265
    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks