d3fackloader | fe407790dad4c2b82a80548e5717a25994a35249209b94a2b13df894dca0a28a | Triage

Sharing

General

Target

fe407790dad4c2b82a80548e5717a25994a35249209b94a2b13df894dca0a28a.exe
Size

3.8MB
Sample

241130-cdltlawqdz
MD5

fd4d06722033dcfbc3e7993bcf2f574c
SHA1

3e0a7ab1bc781353deb0800408b0074b5589b018
SHA256

fe407790dad4c2b82a80548e5717a25994a35249209b94a2b13df894dca0a28a
SHA512

2c9434b08c0146e630c71cbe9fd82d25997441565e6b3bce7057c06a6b3befa646c4d79af514d89445619503c82f40c2cb462e0666d06ace7d94322a2ea9950b
SSDEEP

98304:xaROAR3Zsbt5be4s7JviZUnk4BhvbzkzmOJdrX6OL:xIiS4gHnk4z3krRL

Score

10^/10

d3fackloader lumma discovery downloader evasion execution loader stealer

Malware Config

Extracted

Family

lumma

C2

https://preside-comforter.sbs

https://savvy-steereo.sbs

https://copper-replace.sbs

https://record-envyp.sbs

https://slam-whipp.sbs

https://wrench-creter.sbs

https://looky-marked.sbs

https://plastic-mitten.sbs

https://hallowed-noisy.sbs

Targets

- Target
  
  fe407790dad4c2b82a80548e5717a25994a35249209b94a2b13df894dca0a28a.exe
- Size
  
  3.8MB
- MD5
  
  fd4d06722033dcfbc3e7993bcf2f574c
- SHA1
  
  3e0a7ab1bc781353deb0800408b0074b5589b018
- SHA256
  
  fe407790dad4c2b82a80548e5717a25994a35249209b94a2b13df894dca0a28a
- SHA512
  
  2c9434b08c0146e630c71cbe9fd82d25997441565e6b3bce7057c06a6b3befa646c4d79af514d89445619503c82f40c2cb462e0666d06ace7d94322a2ea9950b
- SSDEEP
  
  98304:xaROAR3Zsbt5be4s7JviZUnk4BhvbzkzmOJdrX6OL:xIiS4gHnk4z3krRL
Score

10^/10

d3fackloader discovery downloader loader lumma evasion execution stealer
- D3fackloader
  D3fackloader is a loader and downloader using Inno Setup.
  loader downloader d3fackloader
- D3fackloader family
  d3fackloader
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

d3fackloaderdiscoverydownloaderloader

behavioral2

d3fackloaderlummadiscoverydownloaderevasionexecutionloaderstealer