General

  • Target

    ezacid.zip

  • Size

    15.8MB

  • Sample

    241230-ta325s1pb1

  • MD5

    1ffcb8c7cbe7e1aea3efd695148c7546

  • SHA1

    583f755c37a4dbce8babada2c695c0ea3f9bac60

  • SHA256

    8b57e13f7301f697a5cc68efcecd816be9bd787f3861813530085c701bf25bc5

  • SHA512

    459d78632edd8128e1cbd065bc6446c930f72a69f13ba3cb19f4ce10728537733edd890c175025706821647450cc66913ac64dd58d65faaa4c481d9368cd6b22

  • SSDEEP

    393216:5TseZ75hOIOG0kvhB4qUy7laIu2SfiJJ9sqx090n67i:5AeZHhO24qhFv09Z7i

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://begguinnerz.biz/api

Extracted

Family

lumma

C2

https://begguinnerz.biz/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

    • Target

      ezacid88/vlid_acid.exe

    • Size

      1.4MB

    • MD5

      4fd542a5d9d9fb3bf5c712d9c8798977

    • SHA1

      fdf1d0613754c4c422ecdccdcdc8e6509adbf042

    • SHA256

      dd376180de2b87377738050491d1b6d49a8a77b32c8145e7ecad56185130012d

    • SHA512

      a48db2fc60b9e9ddbb522a58551c246fcb3642422901b3a4adf550f145db26ba8921fc22c3268f6113022ea19209748cf8647f63b3a7a987dbf1cb97926687e3

    • SSDEEP

      24576:VGd2VjDuBPnI4w698ckMXmaAPmjtoJmynlRti9Xw7F1CIAGP1Ckh1rPK8:S21YPI4w6TkgmzPHcynl/WXeCcsU1v

    Score
    10/10

    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry; this is likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks