General

  • Target

    a4f7b21dc88bdcf27cbe929d4bba979f759320b53f7e826bc0a77f55ebbf866c

  • Size

    4.1MB

  • Sample

    240706-cd8y5asejp

  • MD5

    69cf15bf1f894ed8a9e8027bbbb6741b

  • SHA1

    e9802c99576be9f6db21ab12f20497e76b12fd4b

  • SHA256

    a4f7b21dc88bdcf27cbe929d4bba979f759320b53f7e826bc0a77f55ebbf866c

  • SHA512

    4f9e4e22bac5e832cc13ad470fd7feac1559dae87867a890cc02cdd856dbde708e7156b5f0953efd2f1e91e2e0498236a79192f15db2a8534e1c35e0b9ef25e6

  • SSDEEP

    98304:4Tf4xuskaKg8Qn0Jk9793JFQ5CpIYA4whaZA8DSgiGBIF3E+1cp:4LhfaKxQ0Jk9b65eIsyYHLWFULp

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://unwielldyzpwo.shop/api

Targets

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/AlphaFS.dll

    • Size

      359KB

    • MD5

      f2f6f6798d306d6d7df4267434b5c5f9

    • SHA1

      23be62c4f33fc89563defa20e43453b7cdfc9d28

    • SHA256

      837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd

    • SHA512

      1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211

    • SSDEEP

      6144:QDyJst+jyCnzLp9hvHsPvPvPvS2JQvlojidPp:QDyJsvCnzZf4U1d

    Score
    1/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/License.dll

    • Size

      5B

    • MD5

      b08a5c34cf0a06615da2ca89010d8b4f

    • SHA1

      626a77d86d9d12d1772f788cf67c8e77fd9f797a

    • SHA256

      04cc5b3b49a7e9e9b6c66c7be59a20992bf2653746b5d43829c383fb233f88fa

    • SHA512

      5dce742cd0f649461b08f8f8018e0fa39ef19e813a74a91f434a15754a4fa8be83096e8fa49cf1828ac011220b7ad3724e7e4ea9cce7937a3168169d8e561b2c

    Score
    1/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/Newtonsoft.Json.dll

    • Size

      695KB

    • MD5

      715a1fbee4665e99e859eda667fe8034

    • SHA1

      e13c6e4210043c4976dcdc447ea2b32854f70cc6

    • SHA256

      c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

    • SHA512

      bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

    • SSDEEP

      12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7

    Score
    1/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/Debugs/VersionStable.dll

    • Size

      154KB

    • MD5

      256b4899fe0539473d7822b59c5c7651

    • SHA1

      77e43ff036d3b98b248fd6e9d8cf92933db3a1d5

    • SHA256

      1679ba211343d60e039a51c0aeb921081fad2a3466645a958da5baa2eeea8d83

    • SHA512

      a43c622715e4beb33f9829deb48e3b4165e6d81d00186d01cda4f8347bc9a944c3d074c7eeed6ac527438f1d414870938ae4ec57486cb1b8c828c5a46f1e8378

    • SSDEEP

      3072:IXKxDMTm+vt0BGlsvXqW9OxZ6BQTsLaEtF+rdmLvejb:ejm+vtOGWvaWArEtQNb

    Score
    1/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/ErrorLog/DirectoryMonitor_[1MB]_[1].exe

    • Size

      1.9MB

    • MD5

      76067380db217854920c9652e6276ae1

    • SHA1

      10442a38db18218953418b84bb8684a3fa399312

    • SHA256

      d74373f86c366409db3392258b552e35477ffd47d968d094abad170663193fc6

    • SHA512

      91a42d2196b42515132ccdbc40dec46396995d80da5a44eded2d16fe4350c50a68a2556a80acdccef823bc233b4fa5a88a6423748e9fea2e23795339795857f9

    • SSDEEP

      12288:hc6VJx4LOQyQLkoCPs+b4H4APA60jEcflSIQZXDVrZLpYHT:hhJxPQySCod3c8pZzhnYHT

    Score
    1/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/Extreme.Net.dll

    • Size

      121KB

    • MD5

      f79f0e3a0361cac000e2d3553753cd68

    • SHA1

      4314bcef76fddc9379a8f3a266b37d685d0adb79

    • SHA256

      8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd

    • SHA512

      c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355

    • SSDEEP

      3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG

    Score
    1/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/Injecting.dll

    • Size

      507KB

    • MD5

      da2b07289f9853d57b19a5299e0e763f

    • SHA1

      9f38aa225429081b1a25100177b05dee8cd0a02a

    • SHA256

      1d65ed9e476136a6608c7547539cea5b5c888b177ca93aeaa67b2466ada3982a

    • SHA512

      466cb7b1e19ac5ebb4c1186bfb74b95ae8b21f621cbd538060c45df1d62520f9b03bad9ce19c30143ad1b04d47bcb1d4235c8d519647ecbcd6ec13b2cf5ddd69

    • SSDEEP

      12288:Md+At7LVue0pEt/g+mKCPVIHM9uSLllGKV:M0CiQXmPdIHofwE

    Score
    1/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/libEGL.dll

    • Size

      258KB

    • MD5

      3abaa006e1842b5a3cbed2a41476cae8

    • SHA1

      717f3cf9e7c07073f41841cd7fa9858b76265b33

    • SHA256

      a96cdb651c862120489b30b40a716c3f20b772ac4ba8fc70aaccbb1a568005f2

    • SHA512

      84fa2bf370797c7ad2e63287b6e4bb785a88871830ad261ae38afb05cf8bac574f68539bdc0327c3c254a49e52c7da28bc0ee748db99b2f82ca86b08d9f18735

    • SSDEEP

      6144:O1w9H8OGFO/vqX/PSOW8ijs9z6Y1gpAOs+4uL68:O1aUFO/vqX/Pz2sb1gpjzv

    Score
    3/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/Libs/libgcc_s_dw2-1.dll

    • Size

      153KB

    • MD5

      49e51045f2951fd248318ac9f1ccb18e

    • SHA1

      7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb

    • SHA256

      73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16

    • SHA512

      df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda

    • SSDEEP

      3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk

    Score
    3/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/Setup.exe

    • Size

      1.1MB

    • MD5

      f975a2d83d63a473fa2fc5206b66bb79

    • SHA1

      e49d21f112ab27ae0953aff30ae122440cf164b9

    • SHA256

      6a2d3876003f6c68f824df4f0033564d8c230716908ba2e6c06ea1dd6d5f98e8

    • SHA512

      4af4ce56bf131432d488ed112f8858c1e1392d013c6ac0603f2fd70ed513091e35854c0f678efeab7fa9a551517c6b9698f40a92729112de4b852fa3c0c69d64

    • SSDEEP

      12288:IbCylcTVPbi7vT1K7n6HpVkg8KHIo5u0K1VmMxEnbuvuY2jTU+LHMA+nk2oG1ts:4lcTVPbikTMkg8KH/mmMxnvfphx8

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/caret.xls

    • Size

      779KB

    • MD5

      4d4b5ccd0ff38d099e68792ee07c4a99

    • SHA1

      f529d6bb59e1edd6ee57b7ceca20afaa2272d157

    • SHA256

      90b7b1dbc330af1f1d80403bacb25b46506b666aa9182fef90aaec5d612507a7

    • SHA512

      b8113fef6c0e7dea4ad6615fa0a451e72f481d72691d9f4001196be7784df8620ea8b7c00456a546204e0540580eaa13a4bb7ed18ef90ba7a7022682573484f6

    • SSDEEP

      24576:77Z3f25EtWkLrj3JbYNkORIyRJ505UJ3z1lyhgG:puqJbMkU05UJDGhv

    Score
    1/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/msedge_elf.dll

    • Size

      3.9MB

    • MD5

      b37d0df4c44e4e1e9502f6b90adbd73d

    • SHA1

      2164d4fd7184f2ed4ebb225f2ea36b84c001f7ee

    • SHA256

      0b16174a0a47cfcabf5dd427e56355b806467ac3284d5d55f66aa19fbcf91e92

    • SHA512

      f5fbb1d506835a4cedd2843a7ff1e1b750ad0c147730e9de521de0c1b67cece4ded32ea0bf153341f9fe6630febb7af785b117d4c49fdfe01e65a18fc450a265

    • SSDEEP

      49152:dB3FRoUiZNneKuALVm76f7qOlTVhX9TbvIyULS9j3vZ90tXq+iarIQKf8klU4AXv:7izZu69kO9j/itKUka

    Score
    1/10

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/test.asp

    • Size

      53KB

    • MD5

      012206c2a828f8687db2a3e5e878068f

    • SHA1

      ee75d067cebca73b982546e1d4c7c7cf32569e8a

    • SHA256

      42f229a1430516ca02825a0b8ead2aa296c1a1cd7e1b41165d918e6657fe4ac4

    • SHA512

      8a0c894cdf75f675b692a3e5fd0db278536c7b8044490fd1a83b47ca606996d9d36190017f33ff9874e0223dd6e2dbb9f5173c870d501e0ae57fbc2bb6ca323b

    • SSDEEP

      768:3N8JIZSJ8vzKXwLldvfFBG+2WXT750jbo7i/mogJFQHEb7KJbvWOzh8S9Dj9qOYG:xhLKgbv350YWaSHWHOF8S9Dj9xDUJvM

    Score
    3/10

MITRE ATT&CK Enterprise v15
