General
-
Target
7c700b74cfa885fd18abe0c42a71e28a3f82bb7e20bb0bb883a49f3e4e3e48f3.exe
-
Size
1.8MB
-
Sample
241219-dt8tqswmbr
-
MD5
36e8bef9e64aab447e4deed78acb16a4
-
SHA1
102c5e3e7bc0448c9a564411ecb5a831a6899c79
-
SHA256
7c700b74cfa885fd18abe0c42a71e28a3f82bb7e20bb0bb883a49f3e4e3e48f3
-
SHA512
e9d2bcc4cfbbf3ec02f1daa360696446e1a821be2253a57db833d667c3cb70706343e59aaa252ec341079fc604dcd7d2cc48ecc5c5f650de9a6e416769a4d0e6
-
SSDEEP
49152:1eYB58EGCuOD1Ch9EPrj7QfpjSvJF+m6b9AXIS:1gdORuyUjSvT+zAXI
Static task
static1
Behavioral task
behavioral1
Sample
7c700b74cfa885fd18abe0c42a71e28a3f82bb7e20bb0bb883a49f3e4e3e48f3.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
7c700b74cfa885fd18abe0c42a71e28a3f82bb7e20bb0bb883a49f3e4e3e48f3.exe
-
Size
1.8MB
-
MD5
36e8bef9e64aab447e4deed78acb16a4
-
SHA1
102c5e3e7bc0448c9a564411ecb5a831a6899c79
-
SHA256
7c700b74cfa885fd18abe0c42a71e28a3f82bb7e20bb0bb883a49f3e4e3e48f3
-
SHA512
e9d2bcc4cfbbf3ec02f1daa360696446e1a821be2253a57db833d667c3cb70706343e59aaa252ec341079fc604dcd7d2cc48ecc5c5f650de9a6e416769a4d0e6
-
SSDEEP
49152:1eYB58EGCuOD1Ch9EPrj7QfpjSvJF+m6b9AXIS:1gdORuyUjSvT+zAXI
-
Lumma family
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3