General

  • Target: 57340333fcf17e052d3b1b914593f080453234a640d03f327565bae605dcc7be
  • Size: 415KB
  • Sample: 240706-h8m8sszhjr
  • MD5: 5d431d9ad35031eb02165b6725a6f718
  • SHA1: 5228b9e4d3447e16bbf9d44b987f50c3dc8e7841
  • SHA256: 57340333fcf17e052d3b1b914593f080453234a640d03f327565bae605dcc7be
  • SHA512: 74ab2ba18a690cdbdf02a133e0478eee055b6c1e9d9235c701019ec777ce207b90837a05003dfba42ec6589052f762cfa6dff75f24af7db56d536d1855b81934
  • SSDEEP: 12288:5Scti6lyQtQYHu1f6/DmQDVR8zcFpBsoP4f0ue:Y7SyQtQYHw6bmcvP4sT

Malware Config

Extracted

  • Family: lumma
  • C2: https://bitchsafettyudjwu.shop/api

Targets

    • Target: 85356bb669ec17503e48ca457e99347f5386ba644fba9d638d4188a7b4970153.exe
    • Size: 518KB
    • MD5: efc76b9581da08661c9c91c2a6e7d289
    • SHA1: ef7674fe136d80308a44d99ac72b8be550604110
    • SHA256: 85356bb669ec17503e48ca457e99347f5386ba644fba9d638d4188a7b4970153
    • SHA512: b2d3432b68b227a5ad64faf6cc789f32ab2234a070c25393849c3d170616a125c1c3c82e18a7952b3ddd3a0024ff845c67aa67ce9b011b9cd9b74e093fc4e5d1
    • SSDEEP: 12288:MnUGt+HbHe5BjPORtvLP9qpbY7/2E1yItd2ybSLxWP1yh:Mnncbs1PODZqpBCSiS8Pg

    • Lumma Stealer
      An infostealer written in C++, first seen in August 2022.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks