General

  • Target

    Software v1.12.rar

  • Size

    110.7MB

  • Sample

    240706-t8vhnavgpq

  • MD5

    f084b97d12fd11e9488e242c4f491923

  • SHA1

    2dbf0f04b1f0aaf321ef17fbf4189f93716c2627

  • SHA256

    2cdd242e5363cc24b7c79306c2c69fa1173e8435faab39c4f88270cba30147a4

  • SHA512

    467587d011f8e776600ecec0038d1c1cce744376c6c8fc0dbc7a2eac7c5bf94bc57f3b6c74bb8fabf5f374f13896ecd7c212b3457c18e1421ef3e6563d9b4f06

  • SSDEEP

    3145728:esYr/Vje4Q40wi54OLpxxdAAJUkosCLJPtJ8zEpwxO1Fc:+/Ve4Q40JBX+6UkosCxwE1I

Malware Config

Extracted

Family

lumma

C2

https://bitchsafettyudjwu.shop/api

Targets

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks