General

  • Target

    Loader.exe

  • Size

    537KB

  • Sample

    240708-ch78dsxdln

  • MD5

    6789be9206f0b6ba880ebfb351a17017

  • SHA1

    7a3041aacd56add788bec76e991215111141de31

  • SHA256

    73634e0145d1c491e0042b31fb21486e51ea6103ba9151d5a565237a7cbad163

  • SHA512

    44fddee7c54af8753ecdabb388cdd8fbc17fa2175ae64c18a43a3e25ba1845559d45810eec9f1526475b1477898d3c480cbbf295fc6b3f21f08b337724fa26ec

  • SSDEEP

    12288:g19AY73sMnk2FxdqyvFMBUSwaHlv+4DJugxgdWXEF0+Wx:g19b73sUhv11S57DJHxM6b

Malware Config

Extracted

Family

lumma

C2

https://bargainnykwo.shop/api

Targets

    • Target

      Loader.exe

    • Size

      537KB

    • MD5

      6789be9206f0b6ba880ebfb351a17017

    • SHA1

      7a3041aacd56add788bec76e991215111141de31

    • SHA256

      73634e0145d1c491e0042b31fb21486e51ea6103ba9151d5a565237a7cbad163

    • SHA512

      44fddee7c54af8753ecdabb388cdd8fbc17fa2175ae64c18a43a3e25ba1845559d45810eec9f1526475b1477898d3c480cbbf295fc6b3f21f08b337724fa26ec

    • SSDEEP

      12288:g19AY73sMnk2FxdqyvFMBUSwaHlv+4DJugxgdWXEF0+Wx:g19b73sUhv11S57DJHxM6b

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks