General

  • Target

    5cd91dcdc8ee04814f88dd149d49da3574163137acd60a00247f9b398b2085f6

  • Size

    571KB

  • Sample

    241008-klen9a1gpg

  • MD5

    481e35a62ebd60c05fe7659514bd63b1

  • SHA1

    429a170aee59f3c46d44d9e2c567e39fb6cd6072

  • SHA256

    5cd91dcdc8ee04814f88dd149d49da3574163137acd60a00247f9b398b2085f6

  • SHA512

    f33ff84159018bb182fc89f4a1f3813786d72d50336f4b8234660a5dafb4262a33830e4dce27e5069c0faeee4deccd763929568c251e4e0d8e2d3c20934d4f28

  • SSDEEP

    12288:lmQcpXoWDMIAccf/NBcfRsCnRIo3eOk7wyYfE3NFm4S:loXoptBqDRh3eP7wfM3ff

Malware Config

Extracted

Family

vidar

Botnet

5d5c21db908d8fe19952873f9f748174

C2

https://t.me/maslengdsa

https://steamcommunity.com/profiles/76561199786602107

https://t.me/lpnjoke

Attributes

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Extracted

Family

lumma

Targets

    • Detect Vidar Stealer

    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++, first seen in August 2022.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
