General

  • Target

    KFlauncher.exe.vir

  • Size

    551KB

  • Sample

    240707-phd1rssapn

  • MD5

    101219048ce6d73fb8a92a731c2f6546

  • SHA1

    92d846e64c8d57e4db2f118e09c3fe46e67bc4b3

  • SHA256

    53aa6c3c439042df9157823b07c3c2b4e8e39c6090b6f9558e22837eac5f7411

  • SHA512

    79853dfaed89cc120aae0e618f9a867e8b98e60b54dfce5aa86e93605edb0f66b0d666cea64c816b4dd57b7e1902ddd3aaa0a318f2e7541828e6e054c3354c6d

  • SSDEEP

    12288:C0P9EDfkdB92gdknOAuSoETAHOrQNUyqR0w2pkNJ5sAx:C0PyDfkHMgKfuA0HOrq4R6qJ7

Malware Config

Extracted

Family

lumma

C2

https://piedsiggnycliquieaw.shop/api

Targets

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks