General

  • Target: d068a6d76dec4793e1c7e67d849485fec2eac4d1da91b48426c31d7b2b172b48
  • Size: 1021KB
  • Sample: 240811-px6dkazdmm
  • MD5: a63aa4427cbc2b463642def398f2d217
  • SHA1: 49c3c7d4fea7f7abdf148e33b3470ce1bc23ecc5
  • SHA256: d068a6d76dec4793e1c7e67d849485fec2eac4d1da91b48426c31d7b2b172b48
  • SHA512: 4fedbe899a27f0c9c34a8c4cced85c68148dab9b605e24787b4552429ab6d1091bc78f8599ca0ca43acd18c6d74fe94830ed4303f24bf9ffe99b0cf9fec6a198
  • SSDEEP: 24576:rhEQaXb3UlbHCxOBHyP1OL7LDMf0f7GSbTmTMs1eC:u9TUBHCxOxyP03LDG0jGSmTnd

Score: 10/10

Malware Config

Extracted

  Family: lumma
  C2:
    https://enthusiandsi.shop/api
    https://empiredzmwnx.shop/api
    https://boattyownerwrv.shop/api
    https://rainbowmynsjn.shop/api
    https://definitonizmnx.shop/api
    https://creepydxzoxmj.shop/api
    https://budgetttysnzm.shop/api
    https://chippyfroggsyhz.shop/api
    https://assumedtribsosp.shop/api

Extracted

  Family: lumma
  C2:
    https://enthusiandsi.shop/api
    https://tenntysjuxmz.shop/api

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15