General

  • Target: ✵s͜͡et-Uṕ_7471_!!P͜aS̈ṩC0Dẽ✵✔.rar
  • Size: 23.0MB
  • Sample: 240925-kbeaqsxhrf
  • MD5: 8ecdfe0414eb289bb0b24a96d5b694c5
  • SHA1: d43255e7d57c81c70782086072ca06c65cfd5806
  • SHA256: 1b49165c99f49c625597584502f87e44f2b81a1ca544eb67241b9f4041e8eb6f
  • SHA512: aa98ff717072e0ffa1c04e483bed921a374dfa4cb74dc837f43c151c366f119d2d7939a841c91dd2cc3f9ddc5db9a396e6fded18574602d18be39a5a037c38d6
  • SSDEEP: 393216:PRX8FjI/0+thS8bkV8No8Nxz1HFqD74v8qjBhjrQgqjFLUdei0H0Rl00+xKZTL:pqGZhS8bkVYo8NfI74vfhwgqjdKei0EV

Malware Config

Extracted

  • Family: lumma
  • C2: https://annthostiledm.shop/api

Targets

    • Target: !Saẗup☑/Setup.exe
    • Size: 8.7MB
    • MD5: 480f8cf600f5509595b8418c6534caf2
    • SHA1: dc13258ebb83bdf956523d751f67e29d6e4cf77e
    • SHA256: 6d8905ec0b1dfdc0a10d1cce40714ddd73205a09ad390b933ddbecdcf06a4cf2
    • SHA512: f0bd99f68d59e80538fb276945d0f383394cb94a35c6d12ebd3e87061222249f78b9ca75716b33e36b66842b97c71149612111fcb6a8a3bc3a97635b03934aaf
    • SSDEEP: 196608:Ywdj1UbkCchr3rlFE8GCWhKUzGZ3gRTFHnBz58//o:Yw91Ubkxhr3rlFHWhKUzGZ3gRTFhzi/o

    • Lumma Stealer, LummaC
      Lumma (also LummaC) is an infostealer written in C++, first seen in August 2022.
    • Blocklisted process makes network request
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely used for geofencing.
    • Suspicious use of SetThreadContext
