General

  • Target

    Setup.exe

  • Size

    531KB

  • Sample

    240705-yjrspathpr

  • MD5

    b1479bd80cbfea3cb5db91c52bba0615

  • SHA1

    5669b797bd023efbc6f1e6823a9b1b98f4031ad3

  • SHA256

    1dda11a1f85b968ac0cf7b71f31956839690a7134069fe6073062021d53b5023

  • SHA512

    3bd87b7deb5cad4f4a89ea366ce6f8c23eb5a5d2f0c079c1d97b9d3a5b98e83e5396f0af1b3cd435fb75d195284856369e7811e5462a2b8f1bc9b55ec7b86f61

  • SSDEEP

    12288:+egSWmZ6T5wsKyrrSJSPu4sVDOcotJTGX9w32tsh:+ejFZgtESPuFaU9wGts

Malware Config

Extracted

Family

lumma

C2

https://bitchsafettyudjwu.shop/api

Targets

    • Target

      Setup.exe

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022. The C2 above is the endpoint extracted from this sample's configuration.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites a thread's register state; malware uses it to redirect execution into injected code, for example in process hollowing.
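
The indicators above are only useful if they are checked against files and logs. The following is an added example, not part of the sandbox report or the Lumma sample itself: it copies the hashes and the C2 URL from this report, hashes a file's bytes against them (with case normalisation), and scans constructed proxy/DNS log lines for the C2 host, matching the exact host and its subdomains but not look-alike hosts that merely start with the same label. The sample bytes and log lines are constructed for illustration.

```python
"""Hunt for the indicators in this report: file hashes and the Lumma C2 host.

Added example (not from the report or the sample). The indicator values are
copied from the report above; the file bytes and log lines are constructed.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report (Setup.exe, 531KB).
REPORT_HASHES = {
    "md5": "b1479bd80cbfea3cb5db91c52bba0615",
    "sha1": "5669b797bd023efbc6f1e6823a9b1b98f4031ad3",
    "sha256": "1dda11a1f85b968ac0cf7b71f31956839690a7134069fe6073062021d53b5023",
    "sha512": "3bd87b7deb5cad4f4a89ea366ce6f8c23eb5a5d2f0c079c1d97b9d3a5b98e83e"
              "5396f0af1b3cd435fb75d195284856369e7811e5462a2b8f1bc9b55ec7b86f61",
}
C2_URL = "https://bitchsafettyudjwu.shop/api"
C2_HOST = urlparse(C2_URL).hostname  # "bitchsafettyudjwu.shop"

# Constructed log lines (not real telemetry); line 5 is a deliberate look-alike.
SAMPLE_LOG = [
    "2024-07-05T10:01:12Z 10.0.0.21 GET https://www.example.com/index.html 200",
    "2024-07-05T10:01:15Z 10.0.0.21 POST https://bitchsafettyudjwu.shop/api 200",
    "2024-07-05T10:01:16Z 10.0.0.21 dns-query bitchsafettyudjwu.shop A",
    "2024-07-05T10:02:40Z 10.0.0.34 GET https://safe-shop.example/api 200",
    "2024-07-05T10:03:02Z 10.0.0.34 GET https://bitchsafettyudjwu.shop.example.com/ 200",
]

URL_RE = re.compile(r"https?://[^\s\"']+")
# Bare hostnames (e.g. DNS logs): dotted labels ending in an alphabetic TLD.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def hash_file_bytes(data: bytes) -> dict:
    """Digest `data` with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matching_hashes(data: bytes, known: dict = REPORT_HASHES) -> list:
    """Return the algorithms whose digest of `data` equals the known IoC value.

    Known values are lower-cased so feeds that publish upper-case hex still match.
    """
    digests = hash_file_bytes(data)
    return sorted(alg for alg, h in known.items() if digests.get(alg) == h.lower())


def is_c2_host(host: str, c2_host: str = C2_HOST) -> bool:
    """True for the C2 host itself or any subdomain of it, never for look-alikes."""
    host = host.lower().rstrip(".")
    return host == c2_host or host.endswith("." + c2_host)


def extract_hosts(line: str) -> set:
    """Hosts from URLs plus bare dotted hostnames in one log line."""
    hosts = set()
    for url in URL_RE.findall(line):
        h = urlparse(url).hostname
        if h:
            hosts.add(h.lower())
    for h in HOST_RE.findall(line):
        hosts.add(h.lower())
    return hosts


def find_c2_hits(log_lines, c2_host: str = C2_HOST) -> list:
    """(line number, host) for every line that names the C2 host or a subdomain."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for host in sorted(extract_hosts(line)):
            if is_c2_host(host, c2_host):
                hits.append((n, host))
    return hits


if __name__ == "__main__":
    # A constructed stand-in for a file under review; it will not match the report.
    print("hash matches:", matching_hashes(b"constructed benign bytes"))
    print("C2 hits:", find_c2_hits(SAMPLE_LOG))
```

To use this against a real file, read it in binary mode and pass the bytes to `matching_hashes`; for logs, feed the lines to `find_c2_hits`. A miss on the hashes is not a clean verdict (the same family is repacked constantly), which is why the C2 host check is included alongside.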

MITRE ATT&CK Enterprise v15

Tasks