Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

smart1.hta

windows7-x64

8

smart1.hta

windows10-1703-x64

10

smart1.hta

windows10-2004-x64

10

smart1.hta

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    smart1.hta

  • Size

    162KB

  • Sample

    240819-tfexhaxank

  • MD5

    e779ad7fcdc079af0012414407e2e892

  • SHA1

    752c018c3be78f9fb25587d6452f2f6b0d9cd3a2

  • SHA256

    aaa862c14154374b00e16f2440dabfcb9c8b7ca6655942530c83a6c96c065438

  • SHA512

    ad8813afdacfc7d0b462aa011523861d393dd752af580358b81cafe408cc89ad9e0a64cbf886c61757cfb30a3cec8b3cc1ce3bdf4372d24a5d1c04a80b4f3db0

  • SSDEEP

    3072:088nbom5xIAb88nbom5xIAY88nbom5xIAo88nbom5xIA:ByxH6yxHNyxHdyxH

Score
10/10
lummadiscoveryexecutionstealer

Malware Config

Extracted

Family

lumma

C2

https://femininedspzmhu.shop/api

https://writerospzm.shop/api

https://deallerospfosu.shop/api

https://bassizcellskz.shop/api

https://languagedscie.shop/api

https://complaintsipzzx.shop/api

https://quialitsuzoxm.shop/api

https://tenntysjuxmz.shop/api

Targets

    • Target

      smart1.hta

    • Size

      162KB

    • MD5

      e779ad7fcdc079af0012414407e2e892

    • SHA1

      752c018c3be78f9fb25587d6452f2f6b0d9cd3a2

    • SHA256

      aaa862c14154374b00e16f2440dabfcb9c8b7ca6655942530c83a6c96c065438

    • SHA512

      ad8813afdacfc7d0b462aa011523861d393dd752af580358b81cafe408cc89ad9e0a64cbf886c61757cfb30a3cec8b3cc1ce3bdf4372d24a5d1c04a80b4f3db0

    • SSDEEP

      3072:088nbom5xIAb88nbom5xIAY88nbom5xIAo88nbom5xIA:ByxH6yxHNyxHdyxH

    Score
    10/10
    discoveryexecutionlummastealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks