Overview

overview

10

Static

static

3

1/7loader.exe

windows7-x64

8

1/7loader.exe

windows10-2004-x64

10

2/7loader.exe

windows7-x64

8

2/7loader.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7loader.7z

  • Size

    7KB

  • Sample

    241120-gjaqqssldv

  • MD5

    4587bf3746a5674a1797ea7fe50d0893

  • SHA1

    ea740da047d03d09b69417f6453d953392efc749

  • SHA256

    2bb2c59d97f7aa971f1fcd7518fcf4331550029765b0943f84d32d5eec603760

  • SHA512

    ef589aa9da32570e7c144aa56e283b67705b242bff2c846ae7a443185ad33153bf7024df2eeee17659a5cd8aadd04271e46d3afc792586c29e37448c08666b9f

  • SSDEEP

    192:3l6hiBbdX0HxDL1zGP6uIefpImEXf6QKzntNFA:168BRX0HxDLJHuI0pIszXy

Score
10/10
lummadiscoveryexecutionstealer

Malware Config

Extracted

Family

lumma

C2

https://a1m0sph3reds.cyou/api

Targets

    • Target

      1/7loader.exe.vir

    • Size

      44KB

    • MD5

      2d538ba85d41c6a385e872201429380a

    • SHA1

      aab6d07ea5390836a54b12c6836eb1106d7e9a44

    • SHA256

      9c45ca71fda5862789cd866127e766b941de1f690b91144c1d4c1d967d1dc050

    • SHA512

      76bc7b5b0a45147b23bac99bd7fc986c8bd407291cddffa9edf25ff88d9e8334221a48d9ab62c9bf37ab9eb7375b4ec4d2729ddeac7209c499e104f878168451

    • SSDEEP

      384:V0KxGphJ6zC2eEF/dHoCkX73hDsSfkksLxG5wrNv+a2VSDSaVrr:+6zCY/+X7kpG5wrNGa2VSDSal

    Score
    10/10
    discoveryexecutionlummastealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      2/7loader.exe.vir

    • Size

      21KB

    • MD5

      489d2bb73c3c5b44e0f315b2ce9381b3

    • SHA1

      4b08586aee68bee50c1f5aaadf1afafe30743b48

    • SHA256

      849ae339eb4480f2f3187b50c1413e187bed698b2a196e515eb219244e2e8dd8

    • SHA512

      1eec009178f92f3d4cd6813aa17a6a55c1ddb174811cca662f709e45a23ccc5ce847238f442aa1bca7edc2e4c9865fb0f32781df5d7d7f8ca9c78190c025fdec

    • SSDEEP

      384:V0KxGphJ6zC2eEF/dHoCkX73hDsSfkksLxG5wrNv+a2VSDSaVrr:+6zCY/+X7kpG5wrNGa2VSDSal

    Score
    10/10
    discoveryexecutionlummastealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks