General

  • Target

    168c5908924803d268d26965c32a5620.bin

  • Size

    567KB

  • Sample

    240708-btyyeswbpj

  • MD5

    83788db5d87aaa5cc0c9699886265628

  • SHA1

    bb3c1ec261158bce843e7a82c55b7019ee4cac8b

  • SHA256

    92e7e9a689a87ca00818ebad04d6bb147a4abaf75db978aae1f44b11d3907abc

  • SHA512

    6445d0250af5073ae468fc052e7a132ca1788c5cd44b99fcf01997c0f6ace62db7e566279aa7207c36de17c6d339ab5cea1b2544fa0dcb4562b02be61c07ea2d

  • SSDEEP

    12288:9fmVqu2hXR5Jp1laVcCyUDzxzun8VJE3KzzLoRZGaZNhP10bwZuUMcJUEdQsRa5f:oT25bRlaVctyxzunepAZGaZNBuboMcJm

Malware Config

Extracted

Family

lumma

C2

https://civilizzzationo.shop/api

Targets

    • Target

      2fd72d0d0fbc053a53adee5d9ec6cffde3fb5a3c6ba0c0490e24552b264d5449.exe

    • Size

      937KB

    • MD5

      168c5908924803d268d26965c32a5620

    • SHA1

      9e0e2dc9c7e931c4ee860c32d83711c433f7b1a3

    • SHA256

      2fd72d0d0fbc053a53adee5d9ec6cffde3fb5a3c6ba0c0490e24552b264d5449

    • SHA512

      749f0e4da8d6fde35b53e769b0b594c2e63835f970eedc54c8c15889863811b5fb296650ae9f5e255bafdd4b942ad3434a60c48e05f1283820c378d30645f1c1

    • SSDEEP

      24576:YlrD4dQCg30l8cwMKAWgXkALsi3XoiHbL1/2E47kRh2gPilPfy:6RE6cwMKAHO6XoGR/Slhi

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks