General

  • Target: d0a7fdf90ae6737edbe06f66193cd16258c1702f078aa62f88755e83826dfa6a.zip

  • Size: 4.5MB

  • Sample: 241220-d6fzgsyjhw

  • MD5: daa3577a43bb718282b9dc5b25c2c5df

  • SHA1: 477826df083acc8be94c67f982821b0043a07922

  • SHA256: d0a7fdf90ae6737edbe06f66193cd16258c1702f078aa62f88755e83826dfa6a

  • SHA512: 766a762adf9a8799ac2ef1655a4565c302c203acdda73e297c51b026d935a5bdca7184fdf45ae174aac677eab919adb33cab1c8fb2072ffa2a9c4f3c3d2d3014

  • SSDEEP: 98304:cOgFiG7gZ0KQqQ/HOvv5wGQ2aT4hhUM3SYRHOYG3H1Z:cO90KzNvex2aTmriWMZ

Malware Config

Extracted

  • Family: lumma

  • C2


Targets

    • Target: FieroHack.exe

    • Size: 838.7MB

    • MD5: 1d0585eab895c1fd0a71078255f0389d

    • SHA1: bf47c52f76e3e9fab779ec6cf527377454e05ec9

    • SHA256: cb1ae1c234b97b5f75d8c8e1f05649b284f9146d89ca5853fcf49ecc0883fd8d

    • SHA512: 0dd7a3b4e8e6f291808113466d2ff29a068531660ec4958f0898fd08102e167859620174878c6e013420611e98efb94754a9ceb8e7dc677ad3d3184994a6d9c9

    • SSDEEP: 98304:YSYl+O1E/Uo8EoT9AfvDm+CIUzwNhSkPsiQ5HiGIzH:YS7Uo/bfyhIUzilXI

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX or modified UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks