General

  • Target: Captcha.hta

  • Size: 1KB

  • Sample: 241212-hmhfestmgx

  • MD5: 21bd78bbc50aa0b32d6e8d1868e9ad5e

  • SHA1: 8a4278d077fa472fd6e4cbde95e6a3b928eff10b

  • SHA256: a5a7a72decc3a1f9bb2e0c39269f9660051a3a40c34f87789e33995b9dd2b9e1

  • SHA512: 3d088b7ff90f722223fe2cef2bd65b8df3fdcaa92fe14f46b8c1f2b9ee0c3c1c94cff2ca02acf9619ffa372db4565fc1b576fd553e928ebf6d94238b86eace0e

Malware Config

Extracted

Family

lumma

C2
Targets

    • Target: Captcha.hta
    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
