General

  • Target

    4bbf25acfe56a5108ad9c90d3586f28a4bf58b2a032f8a6b30fbeb96b7c35ec0.exe

  • Size

    508KB

  • Sample

    240708-bhdhcaxdpb

  • MD5

    828db3f05fb04961a7787b56d7040332

  • SHA1

    6824f8bc1f1874a65dc383d6d8c3b357ee74b232

  • SHA256

    4bbf25acfe56a5108ad9c90d3586f28a4bf58b2a032f8a6b30fbeb96b7c35ec0

  • SHA512

    51c60576d6ff8d768eb2150a0efd0072203f60ac73a1f8844f78341316093d54131175f87a7ae8333bfbafae6cd14e37968b4ce91c92c18b5f9c2b87ab4876f6

  • SSDEEP

    6144:wPiIYs5NgW3IPHKSv0oMCkpmcYr29wnxAxCrVa6ot6ifWoU7iaJAP2d+PwpWDMEK:uKs5NgWCvNNCEixChEdRUO8pQq8JtXy

Malware Config

Extracted

Family

lumma

C2

https://arritswpoewroso.shop/api

Targets

    • Target

      4bbf25acfe56a5108ad9c90d3586f28a4bf58b2a032f8a6b30fbeb96b7c35ec0.exe

    • Size

      508KB

    • MD5

      828db3f05fb04961a7787b56d7040332

    • SHA1

      6824f8bc1f1874a65dc383d6d8c3b357ee74b232

    • SHA256

      4bbf25acfe56a5108ad9c90d3586f28a4bf58b2a032f8a6b30fbeb96b7c35ec0

    • SHA512

      51c60576d6ff8d768eb2150a0efd0072203f60ac73a1f8844f78341316093d54131175f87a7ae8333bfbafae6cd14e37968b4ce91c92c18b5f9c2b87ab4876f6

    • SSDEEP

      6144:wPiIYs5NgW3IPHKSv0oMCkpmcYr29wnxAxCrVa6ot6ifWoU7iaJAP2d+PwpWDMEK:uKs5NgWCvNNCEixChEdRUO8pQq8JtXy

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks