Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Resubmissions

09-01-2025 18:01

250109-wmb6asymbn 10

22-08-2024 22:41

240822-2mg97s1fre 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8af4212019603dad1b32988c489f871672c5090f8d1013818a4b91363ab038a

  • Size

    191KB

  • Sample

    240822-2mg97s1fre

  • MD5

    b1454ca05bb536ef2c1678d1d33ea062

  • SHA1

    4d77ce27ef5e8232d1fa79bb77af356030a9b466

  • SHA256

    b8af4212019603dad1b32988c489f871672c5090f8d1013818a4b91363ab038a

  • SHA512

    60db78cdcd3f95b86f213723aacab95b00a3b435b329d77c72373ae331f5006339a6c469ba31873370607679ee995cd040892fff60a89c0c656ad121a1281ae5

  • SSDEEP

    3072:pCeWMeoy/sFJWfavXStdd/fVPldIbV/UKPP8C0GNyr85UTk4ugWagKYzEO:rWMedUr3W/Jld1KnGGUPkIyEO

Score
10/10
lummavidar9fecf283c2873768afb8beafb33a85e0credential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

10.8

Botnet

9fecf283c2873768afb8beafb33a85e0

C2

https://steamcommunity.com/profiles/76561199761128941

https://t.me/iyigunl
Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Extracted

Family

lumma

C2

https://interactiedovspm.shop/api

https://potentioallykeos.shop/api

Targets

    • Target

      b8af4212019603dad1b32988c489f871672c5090f8d1013818a4b91363ab038a

    • Size

      191KB

    • MD5

      b1454ca05bb536ef2c1678d1d33ea062

    • SHA1

      4d77ce27ef5e8232d1fa79bb77af356030a9b466

    • SHA256

      b8af4212019603dad1b32988c489f871672c5090f8d1013818a4b91363ab038a

    • SHA512

      60db78cdcd3f95b86f213723aacab95b00a3b435b329d77c72373ae331f5006339a6c469ba31873370607679ee995cd040892fff60a89c0c656ad121a1281ae5

    • SSDEEP

      3072:pCeWMeoy/sFJWfavXStdd/fVPldIbV/UKPP8C0GNyr85UTk4ugWagKYzEO:rWMedUr3W/Jld1KnGGUPkIyEO

    Score
    10/10
    lummavidar9fecf283c2873768afb8beafb33a85e0credential_accessdiscoveryspywarestealer

    • Detect Vidar Stealer

      stealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks