25/09/2024, 16:28

240925-tynx5avfkk 10

General

  • Target

    2857272927b6bb6d2ca396778b859b2d.exe

  • Size

    88.0MB

  • Sample

    240925-tynx5avfkk

  • MD5

    2857272927b6bb6d2ca396778b859b2d

  • SHA1

    f73dd654b60ac8c2d5e76caa9cfa51c29eaea04a

  • SHA256

    9fcb457a89551c5ab94303779ebfc4737bd74be935a1ac68cda0d22bb51b3202

  • SHA512

    d94571bc8d10c01046ba6dc517eccadd58f3cfd709340c6edb67c24b5c5af775adc1d9fc973e2b93e11e26b382a5a03f1efd42cf4abaa2b78bb97cab1616be84

  • SSDEEP

    24576:49EDJTQBTq7Dy92dekYwlYoRF7La/KK8bvYrCE9InCdPDL:4yEBuPy9g+wl4KK8bvIuQD

Malware Config

Extracted

Family

lumma

C2

https://performenj.shop/api

Targets

    • Target

      2857272927b6bb6d2ca396778b859b2d.exe

    • Size

      88.0MB

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ that was first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext
