General

  • Target: FortniteHack.rar
  • Size: 672KB
  • Sample: 240706-cw82vatakj
  • MD5: 44ae3db67924102fac1da028acc51527
  • SHA1: 366a48b59cf14649a1a0b9f9ac044497f2b6a36a
  • SHA256: 40e72b30c0ae514e773b17acfa9d770dd43425e4f5cc181eb1e9041fb2f9efb6
  • SHA512: c2db740a8ba54025dd41a597b3ccab64e45bc52d9aa35d10bdbb4467eaee27f20e08cf5dd2f618537e3d98b076673f9de1f98057f562c4e02e01604e70795a13
  • SSDEEP: 12288:7ZGDR5/pBp4K5lxiNlluDTEfX3VxEQAhtN5SF6Hb24GWl9WN/Z1r9xZQ:1GDLpBKNllyTm3gQMH24AN/Lr9xG

Malware Config

Extracted

  • Family: lumma
  • C2: https://bitchsafettyudjwu.shop/api

Targets

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks