
07/08/2024, 09:48

240807-lsvjqawhmq
Score: 10

General

  • Target: ROBLOX Cheat.zip
  • Size: 20.7MB
  • Sample: 240807-lsvjqawhmq
  • MD5: eb867b77728f9a008fbdf0ee16a4c9bf
  • SHA1: edb2a50f71245a75026fbcc6b397e2b4b24bb268
  • SHA256: f5f307c22117803ffcc5d910a46431420299a7a0fe579c0c0ea7b67cd3bbd23b
  • SHA512: 69903017656f94dd0d4e64624a9b19a5023cefe31fedfb0fb780ea9b53e71d8482d6c6f4cab191f18726fd4e24a370844fe901e6277a4d53dd8adf90df3eeb69
  • SSDEEP: 393216:COCMj1RUE3bUXOb5xklPBCNyYzE9t8svlUhnwXG3+iho0r4nMrJzNbt:COL7rUSbGY89WPh6tK4neJJbt

Malware Config

Extracted
  • Family: lumma

Extracted
  • Family: redline
  • C2: 185.196.9.26:6302

Extracted
  • Family: lumma
  • C2


Targets

    • Target: SoftWare(1).exe
    • Size: 569KB
    • MD5: b0679259e519ea4d70a87edc48428384
    • SHA1: f71079ede9903f6ceddb044426c3da570c208d7e
    • SHA256: 802d1adcee853e2be313c04c663b881a95f02775a1bbcff96249f06b832b4e99
    • SHA512: 75d665dad6e951b478f67bb1dc982614cdc36241ad567e0f29d6f2ec75bc93e89bc893716ed0cb5a7e3206cdd152a7807e3acfe4c3dfd2715b06935c758341c3
    • SSDEEP: 12288:cMeOoraiUEzVhK+3CjU7ZVaN/ur3rdGsafyauWky5M5xTkgGJQKZh4yccIN2Bhrg:cMevqIC+3NVVaw2X

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Credentials from Password Stores: Credentials from Web Browsers
      Malicious access to, or copying of, a web browser credential store.
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

    • Target: SoftWare(2).exe
    • Size: 253KB
    • MD5: fc6438225ce53ac04cc89e132ac57095
    • SHA1: 096ea8bb7562ba5fe37c30f396494c4df2773b75
    • SHA256: 1f19c8598a9ec1166717bf4194761d05f861ac8f590ce18c5d8a6d7eae8b2dd2
    • SHA512: 409202fad3b186529bb50aec8ef084c325abf237248bd9f22b2d0dc21eb421c24d1ff560c5cb3756127da663cf808f21019280c0d4e4487c9010d2d02f9aa1b3
    • SSDEEP: 6144:sZHX38U2yGwIu/WCa+qfSB9YBot8qlBbmH:+HL+wIuWnVKB9Y6XbmH

    • Score: 10/10
    • Lumma Stealer, LummaC
      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
