General

  • Target

    97596ac4b0b3d839d53b03d9217c7628c977365b49e2f2f3f733441bb02556e0.exe

  • Size

    571KB

  • Sample

    241008-cf6lsaxejc

  • MD5

    ea032d9278141463cb1aaf533b471aee

  • SHA1

    27e519e9e44219aeafeed5ab66cc2c82ef1ce031

  • SHA256

    97596ac4b0b3d839d53b03d9217c7628c977365b49e2f2f3f733441bb02556e0

  • SHA512

    2839065a5cbcefec2d2b6f9233982601c5f01e22216d34a674925ebb1c4d56fbc22d455b094913db3ed24f773489cd668caaa0707cbcf00476ca65e5358636bf

  • SSDEEP

    12288:TcEcpXoWDMa779ECxVxdlMvnYuqbzh45flvHMOLY4S:TOXomBNNLgYuq54ZBHMQ5

Malware Config

Extracted

Family

vidar

C2

http://lade.petperfectcare.com:80

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Extracted

Family

lumma

Targets

    • Detect Vidar Stealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
