General

  • Target

    github.software.1.2.9.exe

  • Size

    516KB

  • Sample

    240706-m5gdaszcne

  • MD5

    0b7ef465e6ad4c6a671736f20f79e141

  • SHA1

    ecc766f41168c898e985f5c502d000cee588d2b8

  • SHA256

    2a1152a8f1689bf251fbea5c21cc178537ed20a6c92f6bff63403092df23d0c9

  • SHA512

    6fe7dc79b5b023b9bce193c65c54a75065cd569c60492e6f08e6f23fc0865690abeb34644dc384a09eac618cfb2c09f2df74efdf4a2d733f8f60fbddb0555120

  • SSDEEP

    12288:D20S+N0KzL7CteqhzPQkAjY1K1mDuNuQi:G+NRat5hDQkAj

Malware Config

Extracted

  • Family

    lumma

  • C2

    https://closedjuruwk.shop/api

Targets

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks