General
-
Target
c76278eec86365ba7e612e9693561a1860cd0a2f693cf8570a2eba48f8cdfa34.exe
-
Size
1.8MB
-
Sample
241219-ejb8fsxpgm
-
MD5
1131e06af1069580aeb5acadc48516c6
-
SHA1
455a97292e1a1155e9e0066f0b7e027b469bbdbf
-
SHA256
c76278eec86365ba7e612e9693561a1860cd0a2f693cf8570a2eba48f8cdfa34
-
SHA512
fab6d66c5d1bc16e300ff0c7ac0e0c24000b1112071577c47f24de02e35d07ab5a9ac7640746bcd03435178d21c89c2f2faad9e1f6117fb85a1ea39137ef0e35
-
SSDEEP
49152:2fTph5Bxc8GNaNBKRxFZNV1XKAaQrZ03p:4D5Bx5GNKUHFz6Aj9
Static task
static1
Behavioral task
behavioral1
Sample
c76278eec86365ba7e612e9693561a1860cd0a2f693cf8570a2eba48f8cdfa34.exe
Resource
win7-20240903-en
Malware Config
Extracted
lumma
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
c76278eec86365ba7e612e9693561a1860cd0a2f693cf8570a2eba48f8cdfa34.exe
-
Size
1.8MB
-
MD5
1131e06af1069580aeb5acadc48516c6
-
SHA1
455a97292e1a1155e9e0066f0b7e027b469bbdbf
-
SHA256
c76278eec86365ba7e612e9693561a1860cd0a2f693cf8570a2eba48f8cdfa34
-
SHA512
fab6d66c5d1bc16e300ff0c7ac0e0c24000b1112071577c47f24de02e35d07ab5a9ac7640746bcd03435178d21c89c2f2faad9e1f6117fb85a1ea39137ef0e35
-
SSDEEP
49152:2fTph5Bxc8GNaNBKRxFZNV1XKAaQrZ03p:4D5Bx5GNKUHFz6Aj9
-
Lumma family
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
2Disable or Modify Tools
2Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3