General

  • Target

    2a7c7e04a56153889550910aa2213bc54bd557dff8156d816dc0f9afc28c89a5.exe

  • Size

    993KB

  • Sample

    240723-b18ffa1ann

  • MD5

    ef60acf75c0376b0b966fa79c0eb3b7b

  • SHA1

    f34dadc470f90762605ace8d79639dcb7cfb6457

  • SHA256

    2a7c7e04a56153889550910aa2213bc54bd557dff8156d816dc0f9afc28c89a5

  • SHA512

    2055775b4177bd838e5a64ffe9b9acc13e9948df8cf0d7698edcce030ea351cb74e0901826e20868fd78aa2ee4f463658d6320cd0e8e35b09a35f66ca82c8241

  • SSDEEP

    24576:WMzyQW5NWooWo7lnCV01bmqFOmu4tVoLtGJL7BpWT:MZN9oWoRnCq1K0OmvVrL7iT

Score
10/10

Malware Config

Extracted

Family

lumma

C2

Targets

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks