General

  • Target

    WaveInstaller.exe

  • Size

    629KB

  • Sample

    240707-zbzn1azerh

  • MD5

    535de7c69bf1dcb0da75019378d1013c

  • SHA1

    86431b08e2aa7d894b24b63d79c7a0528c4aafe9

  • SHA256

    3a8885e171cf29f974602ae3bd8b6af640977748b131c3aaa317712884c46b4c

  • SHA512

    7ca6f5689fc298ea94eef82f7b21a0c51ed6d74cf5dd0d7fc3a042ed9c421f1002dd2fbeea09ff199b9d2c932d4d54d43b4b885a57107383ac090d6001ec0086

  • SSDEEP

    12288:qbhEv/GoncquZUEn4scjlgW9AbOFQZxuZwgOIU+At0++xs06MS6Vo1dAu/FPbACe:qbh8fcqTy45lgb

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://bitchsafettyudjwu.shop/api

Targets

    • Target

      WaveInstaller.exe

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks