General

  • Target

    Instalador.exe

  • Size

    30.2MB

  • Sample

    240914-hkx34a1hrh

  • MD5

    d5dccffd360ceaec6d69c055c57a5c6b

  • SHA1

    b291c5d858050a0a8c1da4c000c54efb5b34dc97

  • SHA256

    09d5dee2d65a5b9edbb9a72e74ddc87b3a417ab46c50f516d3407a2099ebd369

  • SHA512

    05e9b94867927297dfd3d0426c254affa68f7fe065ea174ef86e02d0dafdc2565667c0888a5b75e405df27a5b8e80e31bf101ddc93986ee5fe5e057ec0defd1e

  • SSDEEP

    393216:brHzHCocEm3j9kYnq5CIA8F87VzgEFlQ1C:bLzH3VIj9k0aCIAN

Malware Config (Extracted)

  • Family

    lumma

  • C2

    https://writerospzm.shop/api

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
