General

  • Target

    ba10a14a41d9dae362c3f4c2ed4680e5b46d49d2ee6f5f28872c9682096fb744.exe

  • Size

    45.0MB

  • Sample

    240721-lf3pkazcmj

  • MD5

    1ca12585c0bd9f0270c59e7a5a4b43b3

  • SHA1

    b5b805e0e19296e1702e0e6a42f6a8c45ea4f15d

  • SHA256

    ba10a14a41d9dae362c3f4c2ed4680e5b46d49d2ee6f5f28872c9682096fb744

  • SHA512

    c6a1878aff22bcd0c79ece9e44fe2ddfc9a028012342ae85099309c31ed60c776e0a1465e2d26cc5ecb5848d6692a441f228e7746910e122716e0aad25eacc8e

  • SSDEEP

    24576:y+0uFsw+b4dkKEj9ZUZbpKLDnMV1+/ez6Db0zh45:Au+w+b4dkL96Z8M+/e2czh45

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://reinforcedirectorywd.shop/api

Targets

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
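The extracted config and the behaviour signatures above are only useful once they are turned into something that runs against your own telemetry. The script below is an added example, not code from tria.ge or from the sample: it copies the report's C2 URL and hashes, matches them against a few constructed proxy-log lines and file hashes, and maps constructed EDR-style events to the behaviours the report lists. The event field names (api, pid, target_pid, parent_pid, path) are an assumed export format; the registry path used for the "Checks computer location settings" signature and the reading of NtCreateUserProcessOtherParentProcess as a spoofed-parent process creation are assumptions, not something the report states.

```python
"""Offline triage helper built from the indicators in the tria.ge report above.

Added example, not tria.ge's or the sample's own code. Proxy-log lines and EDR
events are constructed; field names are an assumed EDR export format.
"""
from urllib.parse import urlparse

# Indicators copied verbatim from the report's Malware Config / General sections.
C2_URLS = ["https://reinforcedirectorywd.shop/api"]
SAMPLE_HASHES = {
    "md5": "1ca12585c0bd9f0270c59e7a5a4b43b3",
    "sha1": "b5b805e0e19296e1702e0e6a42f6a8c45ea4f15d",
    "sha256": "ba10a14a41d9dae362c3f4c2ed4680e5b46d49d2ee6f5f28872c9682096fb744",
}

# Assumption: the "Checks computer location settings" signature refers to the
# per-user country code Windows keeps under this registry value.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"
# Per-user Startup folder fragment; a write here is the "Drops startup file" case.
STARTUP_DIR_MARKER = "\\start menu\\programs\\startup\\"


def c2_hosts(urls=C2_URLS):
    """Match on host rather than full URL: the /api path may change between builds."""
    return {urlparse(u).hostname.lower() for u in urls}


def scan_proxy_log(lines, hosts=None):
    """Constructed format: '<ts> <src_ip> <method> <url> <status>'.
    Returns one finding per line whose destination host is a known C2."""
    hosts = hosts or c2_hosts()
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        host = urlparse(parts[3]).hostname  # hostname is already lower-cased
        if host and host.lower() in hosts:
            findings.append({"kind": "c2_contact", "src": parts[1], "url": parts[3]})
    return findings


def hash_algo(value, hashes=SAMPLE_HASHES):
    """Return which of the report's hashes a value equals (case-insensitive), or None."""
    v = value.strip().lower()
    return next((algo for algo, h in hashes.items() if h == v), None)


def classify_event(evt):
    """Map one constructed EDR event to a behaviour name from the report, or None."""
    api = evt.get("api", "")
    path = evt.get("path", "").lower()
    if api == "RegQueryValueEx" and path == GEO_NATION_KEY.lower():
        return "checks_computer_location"
    if api == "WriteFile" and STARTUP_DIR_MARKER in path:
        return "drops_startup_file"
    # Only a context change on a thread in another process is suspicious.
    if api == "SetThreadContext" and "target_pid" in evt and evt["target_pid"] != evt["pid"]:
        return "suspicious_setthreadcontext"
    # Assumption: the report's NtCreateUserProcessOtherParentProcess signature
    # means the new process was given a parent other than the calling process.
    if api == "NtCreateUserProcess" and evt.get("parent_pid") not in (None, evt.get("pid")):
        return "ntcreateuserprocess_other_parent"
    return None


def triage(proxy_lines, events, file_hashes):
    """Aggregate C2 contacts, hash matches and behaviours into one verdict."""
    behaviours = sorted({b for b in map(classify_event, events) if b})
    hash_hits = sorted({a for a in map(hash_algo, file_hashes) if a})
    c2 = scan_proxy_log(proxy_lines)
    verdict = "malicious" if (c2 or hash_hits) else ("suspicious" if behaviours else "clean")
    return {"c2_contacts": c2, "hash_matches": hash_hits, "behaviours": behaviours, "verdict": verdict}


# Constructed sample input (not real telemetry).
PROXY_LINES = [
    "2024-07-21T11:02:13Z 10.0.0.15 POST https://reinforcedirectorywd.shop/api 200",
    "2024-07-21T11:02:14Z 10.0.0.15 GET https://www.example.com/index.html 200",
    "2024-07-21T11:03:01Z 10.0.0.22 POST HTTPS://REINFORCEDIRECTORYWD.SHOP/api?x=1 200",
]
EVENTS = [
    {"api": "RegQueryValueEx", "pid": 4120, "path": GEO_NATION_KEY},
    {"api": "WriteFile", "pid": 4120,
     "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"api": "SetThreadContext", "pid": 4120, "target_pid": 5236},
    {"api": "SetThreadContext", "pid": 4120, "target_pid": 4120},  # own process: benign
    {"api": "NtCreateUserProcess", "pid": 4120, "parent_pid": 668},
]
FILE_HASHES = ["BA10A14A41D9DAE362C3F4C2ED4680E5B46D49D2EE6F5F28872C9682096FB744", "deadbeef"]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(PROXY_LINES, EVENTS, FILE_HASHES), indent=2))
```

Matching on the C2 host rather than the full URL is deliberate: Lumma builds rotate domains far more often than the request path, so a host-level indicator survives longer, and the report's SHA256 only identifies this one 45.0MB build, which is why the behaviour mapping is kept alongside the hash check.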

MITRE ATT&CK Enterprise v15

Tasks