Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

em_FReBA03...ck.exe

windows7-x64

1

em_FReBA03...ck.exe

windows10-1703-x64

10

em_FReBA03...ck.exe

windows10-2004-x64

10

em_FReBA03...ck.exe

windows11-21h2-x64

5

em_FReBA03...64.msi

windows7-x64

6

em_FReBA03...64.msi

windows10-1703-x64

6

em_FReBA03...64.msi

windows10-2004-x64

6

em_FReBA03...64.msi

windows11-21h2-x64

6

em_FReBA03...iz.exe

windows7-x64

3

em_FReBA03...iz.exe

windows10-1703-x64

3

em_FReBA03...iz.exe

windows10-2004-x64

3

em_FReBA03...iz.exe

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    em_FReBA03x_installer_Win7-Win11_x86_x64.zip

  • Size

    115.9MB

  • Sample

    240820-xs1lhsycmc

  • MD5

    4953704993d4f2956c127e093097e3d1

  • SHA1

    dbc7bf6c25b9412fb6ba36d1bdfdef9f3ab6a3f7

  • SHA256

    eeee232ef628352d43833b909892d2ed0807a43850baaf8d828b769c7840eb92

  • SHA512

    4a16cfbbe3d20ec801123be02244e86f4f744c47a3cde6edb9669b4c0b09c92e3a4fd10e818f70f8be224c32cd2436f4524a4567ee954578379422168c1051e1

  • SSDEEP

    3145728:krypL8Q1Fx1U8abewCqHpbsnkKGVYe79jH:krk8QrUDlHpKGVYeV

Score
10/10
lummadiscoverypersistenceprivilege_escalationstealer

Malware Config

Extracted

Family

lumma

C2

https://interactiedovspm.shop/api

https://potentioallykeos.shop/api

https://charecteristicdxp.shop/api

https://cagedwifedsozm.shop/api

https://deicedosmzj.shop/api

https://southedhiscuso.shop/api

https://consciousourwi.shop/api

https://tenntysjuxmz.shop/api

Targets

    • Target

      em_FReBA03x_installer_Win7-Win11_x86_x64/Crack.exe

    • Size

      25.6MB

    • MD5

      ef9323bf9b60b2fa7436bd1923d222bb

    • SHA1

      d633535341399ae503de6e19e18c0a13840c9483

    • SHA256

      c239349587f9cd75f79c2490c851a64883c55f608195b2572e5c1fa73d1432ac

    • SHA512

      547bd693a7d72a5c7b194d21a9a1954f139d2890bc29c36ef9fcc3a7a4b15221b021521b5fe08c35b58f9b8f7bfb73d42d73bfbb09ea50f9a339f43ffb10c55c

    • SSDEEP

      98304:2Dv/WQ6G2lRP7lO0wrUO00iAZ6sammO51fJBEd4reXzOKMXnsZF3g:mlARP7lp2UO+457Cd+eXSzns4

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

    • Target

      em_FReBA03x_installer_Win7-Win11_x86_x64/em_FReBA03x_installer_Win7-Win11_x86_x64.msi

    • Size

      93.9MB

    • MD5

      a2b4081e6ac9d7ff9e892494c58d6be1

    • SHA1

      8b1858f5b6f9de98da0da23835ffb7197341b401

    • SHA256

      d2479f32549799d766941ca412912a3c58b06fc1bcef55eb4db4c0d90bdd7dfb

    • SHA512

      8a9ec3b404c7a0df38d08e96c8484d18b9d78a53ecd6de0f2632a84767df7b2f7fb387fa5295cb9f1cf3f6af55b2150c5d7dff7593385fe44afc8ecfce011d74

    • SSDEEP

      1572864:OC2l1WbND0AFuMNQQyf7CfhU+43Seba3aQ6BZmOEbQSRsvuv+Tg9yS3i0PWmZyGT:qPoDn9NJ143Xba3Z6zN3c9X3ZzkL2kq1

    Score
    6/10
    discoverypersistenceprivilege_escalation

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Checks for any installed AV software in registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral5behavioral6behavioral7behavioral8

    • Target

      em_FReBA03x_installer_Win7-Win11_x86_x64/updater/NvStWiz.prx

    • Size

      432KB

    • MD5

      9e82e3b658393bed3f7e4f090df1fbe7

    • SHA1

      bfff954b8ef192c01af9fb5d9141a21279cb9c31

    • SHA256

      c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762

    • SHA512

      de6a1e62d4e33f807d9c04f355a762717eedbcf540e747a97ba824871d4a1f144f4929141df333711d42af01e441dbbcecbb25a6a4f8ec073a024d94197b776b

    • SSDEEP

      6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp

    Score
    3/10
    discovery
    behavioral10behavioral11behavioral12behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Defense Evasion

Modify Registry

1
T1112

System Binary Proxy Execution

1
T1218

Msiexec

1
T1218.007

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

2
T1012

Software Discovery

1
T1518

Security Software Discovery

1
T1518.001

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks