General

  • Target

    9f373cdee6065d01164210c338948684703fcf966adab402175117dba115b85f

  • Size

    4.7MB

  • Sample

    240909-y775ksybmr

  • MD5

    47eaa7981dc34b70273b00f181749654

  • SHA1

    2ff2d6202298d9cb0f06c4f00a966647923b34e7

  • SHA256

    9f373cdee6065d01164210c338948684703fcf966adab402175117dba115b85f

  • SHA512

    9e6fa7b5c0552164d5ee98ce08eb7b2d514700eefb11667892d611e85d621a8de8edea9b9e52540ca12b70fd882d2700ea545f0e9ac24417c222d730d13cbfea

  • SSDEEP

    98304:QsuzYSa+/ydDuZ731vVJ0kPwc31MJjh63rgIBr37/XfBGdRZ+Js:lpdDQB1MJQ3rl/3BGdRl

Malware Config

Extracted

Family

cryptbot

C2

analforeverlovyu.top

eihtv18sb.top

Attributes
  • url_path

    /v1/upload.php

Extracted

Family

lumma

C2

https://professinowpqqz.shop/api

https://tenntysjuxmz.shop/api

Targets

    • Target

      9f373cdee6065d01164210c338948684703fcf966adab402175117dba115b85f

    • Size

      4.7MB

    • MD5

      47eaa7981dc34b70273b00f181749654

    • SHA1

      2ff2d6202298d9cb0f06c4f00a966647923b34e7

    • SHA256

      9f373cdee6065d01164210c338948684703fcf966adab402175117dba115b85f

    • SHA512

      9e6fa7b5c0552164d5ee98ce08eb7b2d514700eefb11667892d611e85d621a8de8edea9b9e52540ca12b70fd882d2700ea545f0e9ac24417c222d730d13cbfea

    • SSDEEP

      98304:QsuzYSa+/ydDuZ731vVJ0kPwc31MJjh63rgIBr37/XfBGdRZ+Js:lpdDQB1MJQ3rl/3BGdRl

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks