General
-
Target
343b51b34ac69ba9e09927634079bb0632509d3a2d9bafdba15d75a8f05b98ec.exe
-
Size
1.8MB
-
Sample
241219-c1ec2atjhw
-
MD5
830c7205f281af8e8be936566c40d1a5
-
SHA1
b1cfc6601006600a9823c324b3d26e1364802467
-
SHA256
343b51b34ac69ba9e09927634079bb0632509d3a2d9bafdba15d75a8f05b98ec
-
SHA512
4b1f86468ac9949f01fb746027ff3c7defac126cb0e7db1f9cd2b9ef342671575badd19f960994b84228aca5342de0509eec078ab6b02c8d5903399b51901a1c
-
SSDEEP
24576:/T2gIAMGk8TeOHlRPsZXwYcYxaG1HLYBMGFY1nr6rqQBfgRFemkp9UDKD2acoU8g:/TaGkBOFRPsJwRgnkBFmevBQLYf+Jy
Static task
static1
Behavioral task
behavioral1
Sample
343b51b34ac69ba9e09927634079bb0632509d3a2d9bafdba15d75a8f05b98ec.exe
Resource
win7-20241010-en
Malware Config
Extracted
lumma
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
343b51b34ac69ba9e09927634079bb0632509d3a2d9bafdba15d75a8f05b98ec.exe
-
Size
1.8MB
-
MD5
830c7205f281af8e8be936566c40d1a5
-
SHA1
b1cfc6601006600a9823c324b3d26e1364802467
-
SHA256
343b51b34ac69ba9e09927634079bb0632509d3a2d9bafdba15d75a8f05b98ec
-
SHA512
4b1f86468ac9949f01fb746027ff3c7defac126cb0e7db1f9cd2b9ef342671575badd19f960994b84228aca5342de0509eec078ab6b02c8d5903399b51901a1c
-
SSDEEP
24576:/T2gIAMGk8TeOHlRPsZXwYcYxaG1HLYBMGFY1nr6rqQBfgRFemkp9UDKD2acoU8g:/TaGkBOFRPsJwRgnkBFmevBQLYf+Jy
-
Lumma family
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3