General

  • Target: #SetUp_2255_PassW0rd$$!!!.zip
  • Size: 7.5MB
  • Sample: 240711-rrgjcszenq
  • MD5: d0641374cc27fa846d31b7ff4d9c93f3
  • SHA1: f66cdadfb6f3ca3ce30656717378f28187cf0be8
  • SHA256: 89ac6aee92ba24650ba8cdfde9367933f377f6ffad434132cd3cde3b378b3995
  • SHA512: 81ad35e4087feb7e160dab9f32da823fec8f527466a0b1d1229dbf2e464246fbd5e5c5f572dee7729f2f190104648c310a31fa27d3e21c63dc677b9d2561a741
  • SSDEEP: 196608:mBNz1bpwqTaGm2NOIcFfNsESNkX/wlgpfMM6mPC3:mB5VdA5Ntwkv/gX3

Malware Config

Extracted

Family: lumma

C2


Targets

    • Target: Setup.msi
    • Size: 2.4MB
    • MD5: 22700b5e19106a0c61f814b300856129
    • SHA1: 2018bb88e522d4e349a16f63764e90b53d66c573
    • SHA256: 6868a28e301db8c220a8ea22c15fe844685f88c963385ee5a5281edc34b90417
    • SHA512: 9d69c94d31b0a07830988f283c5cf200acf1e447a2a612fb49428db40512ef70d55f8ceabab81a5a371e93ebfbc9a89db5498fec1f690ba9ab96f45ed5b84db2
    • SSDEEP: 49152:TSKVjYJgqkxO+9jRHOREJC+sfhq/7WdzDfyEzac6t4wk3A6t:TDV0ejY+sfhPd3fDOcKkQ

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks