General

  • Target

    790b8ec5a42591a245011d49484da552d65544354fb6c5a993443eedbc65ee7a

  • Size

    63.4MB

  • Sample

    241010-a3fyjasenc

  • MD5

    8a3b1b5afd0271e204325ce9eb9158fe

  • SHA1

    1ef496e949d1604df04e01bb671481b605bf19b8

  • SHA256

    790b8ec5a42591a245011d49484da552d65544354fb6c5a993443eedbc65ee7a

  • SHA512

    a7fd6a354c9b3a0696d6d6daea0bddd4b53d2d438a4af2cd37e068c479e9156708ad39ce6cf59b3318aa166c95e62f3fefb3b93219ff4364bce8c66ae6082028

  • SSDEEP

    1572864:SLq4DIntRFxi0ef09rzefa/ythYOZdWFS/lz5dowWM:SLq4DInDFKf0lzea/yF8FSvdowj

Malware Config

Extracted

Family

lumma

C2

https://drawwyobstacw.sbs

https://condifendteu.sbs

https://ehticsprocw.sbs

https://vennurviot.sbs

https://resinedyw.sbs

https://enlargkiw.sbs

https://allocatinow.sbs

https://mathcucom.sbs

Extracted

Family

stealc

Botnet

mainteam

C2

http://95.182.96.50

Attributes

  • url_path

    /2aced82320799c96.php

Targets

    • Target

      790b8ec5a42591a245011d49484da552d65544354fb6c5a993443eedbc65ee7a

    • Size

      63.4MB

    • MD5

      8a3b1b5afd0271e204325ce9eb9158fe

    • SHA1

      1ef496e949d1604df04e01bb671481b605bf19b8

    • SHA256

      790b8ec5a42591a245011d49484da552d65544354fb6c5a993443eedbc65ee7a

    • SHA512

      a7fd6a354c9b3a0696d6d6daea0bddd4b53d2d438a4af2cd37e068c479e9156708ad39ce6cf59b3318aa166c95e62f3fefb3b93219ff4364bce8c66ae6082028

    • SSDEEP

      1572864:SLq4DIntRFxi0ef09rzefa/ythYOZdWFS/lz5dowWM:SLq4DInDFKf0lzea/yF8FSvdowj

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Stealc

      Stealc is an infostealer written in C++.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      TinyPatch/TinyPatch.exe

    • Size

      149.3MB

    • MD5

      421b9213f8ac3c4e3f33a8c1d53583e7

    • SHA1

      c24383ddbc6fce79dc7a482bfdb0b8a374327131

    • SHA256

      911410b12ddb12ace59782c6e23d23c8fc2ad32405fec6d6c0ea4cac08da1872

    • SHA512

      d68133b0120f77a9d0fc1048b00841af643072cb2b7cd36d21d3894239061faa694b6c4e517e9c28eda95db751ec4a861cb2993a3f29723bd979fe9822947a5c

    • SSDEEP

      786432:cATKLb5CC7Ncquk/8ld61cU+nWbHrtoDHSv+g6kQarnqqN69fTIKR8I:tTKLbcalkRWXtS9UqF9f0KGI

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Stealc

      Stealc is an infostealer written in C++.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks