General

  • Target

    2c52f6d1206bc754c5e3ad485b7406d7d611d7d490a2252a969f2cd874ea9569

  • Size

    3.2MB

  • Sample

    240829-phyp6s1dkg

  • MD5

    f8afafba3e86d50ad9edce1d0ea179ab

  • SHA1

    da2a418d7d4f39222d16cfad8cb381ca53f7339c

  • SHA256

    2c52f6d1206bc754c5e3ad485b7406d7d611d7d490a2252a969f2cd874ea9569

  • SHA512

    a23d51e4621b9a18d9f99d797bccf64ded9fddc0c63ccda8df5d1d13c5e35633c14bcb66a3dd1205d07c5c3637a9d58e17794e1e85b9d78e578ec723a708abc4

  • SSDEEP

    49152:Aa5dRh/rrdcQX7kAmen7jJRkNkdKiJZeKtH0LzHPzkRyq/cHG53IpOMb6tdz6c:Aa5rJ/+ewIH/5dKaZeQH0Lc8GKAdz6c

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://awwardwiqi.shop/api

https://locatedblsoqp.shop/api

https://traineiwnqo.shop/api

Targets

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks