General

  • Target

    443f4cf9f362a96bbd0845ba6d2859f0.exe

  • Size

    781KB

  • Sample

    241217-kh522awmhl

  • MD5

    443f4cf9f362a96bbd0845ba6d2859f0

  • SHA1

    1bf75dea31eaf0c26da3428ae2b8518771989522

  • SHA256

    e11c9223741b2d1291f1031539da3dd183ce2ac4b2de705d92366c6f61d94aa5

  • SHA512

    f43bf238027dacc972e98caff32461c680aefe1197be827348bb8bd371f85456352fbebf5bffa2381f6496466da2acef549c01c4e06c8d52727539196755db9a

  • SSDEEP

    24576:ErtEhokkSG46ZY4vaIAaCzxZY4vaIAaCzs:ErGhokkSG4kdCzvdCzs

Malware Config

Extracted

Family

lumma

C2

Extracted

Family

lumma

C2

https://tacitglibbr.biz/api

Targets

    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15