lumma | 14987357393c0163116f2f914a53c42f75ed939c660bb96bee17914a5a6b82c1

Sharing

Copy URL

Twitter E-mail

General

Target

Monotone-HWID-Spoofer-main.zip
Size

866KB
Sample

250103-bc5dwasqbv
MD5

05099ece327524d1299eacae745c3b8e
SHA1

7c272e1c1bdaf8aaa43f4fde13313336340b4264
SHA256

14987357393c0163116f2f914a53c42f75ed939c660bb96bee17914a5a6b82c1
SHA512

f8643977bc3c4fc76df0111ed9bf0624c95c4debb23c019d41ac8f54726a0022550e730f1d6901fed1709d0418ee9366a45b66baa3cbb604741b075d654372c2
SSDEEP

24576:qbmpXU4rHIdxSiuW5UqxUGpuVhxFetCJgKY72go:qMk4ruxSi7NxvuPx4tCJgK227

Score

10^/10

Malware Config

Extracted

Family

lumma

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

Targets

- Target
  
  Monotone-HWID-Spoofer-main.zip
- Size
  
  866KB
- MD5
  
  05099ece327524d1299eacae745c3b8e
- SHA1
  
  7c272e1c1bdaf8aaa43f4fde13313336340b4264
- SHA256
  
  14987357393c0163116f2f914a53c42f75ed939c660bb96bee17914a5a6b82c1
- SHA512
  
  f8643977bc3c4fc76df0111ed9bf0624c95c4debb23c019d41ac8f54726a0022550e730f1d6901fed1709d0418ee9366a45b66baa3cbb604741b075d654372c2
- SSDEEP
  
  24576:qbmpXU4rHIdxSiuW5UqxUGpuVhxFetCJgKY72go:qMk4ruxSi7NxvuPx4tCJgK227
Score

10^/10

lumma discovery execution stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  Monotone-HWID-Spoofer-main/Box.bat
- Size
  
  5KB
- MD5
  
  a95505942d3ebcf724f080b49d4e981f
- SHA1
  
  ed7202c5dd386d050a2a24745399154218569f81
- SHA256
  
  64556d24498bcd280cd7cc248a98ed22c4db921495d825f141af1547c8fdd275
- SHA512
  
  21046716caec7a2b26516ae37f3295445d8c7f1b3502ebcaf41a84469bea1888f0139e813111f1585eff9b27403674e4c61ef4d4a62503f2c1dd820bde8a3476
- SSDEEP
  
  96:0hsAkUFjSl445cLegeOGe1fjlV/SkJwxwotwb7MEussvil2YTUK:nAkQjSl44yveOb/Skxt7WisY4K
Score

1^/10
behavioral2
- Target
  
  Monotone-HWID-Spoofer-main/Button.bat
- Size
  
  5KB
- MD5
  
  96fefe69f2facf74197a8af3004a6167
- SHA1
  
  80baf02b5d984dd8055ac3a6f42593ad98b78307
- SHA256
  
  38aa0c1ad69d96732c776cbd73275f5ccb881d42158158b32815dad869ef9876
- SHA512
  
  1aa6335a5cc340191613c52fa3e55625ed058abad8bd8d5ed1575bb9cd59b19e1fb3fcf3f5df199ea6f9b9d10bdee45e099c9247457b35ea65c7b1e403f0e888
- SSDEEP
  
  96:X1UCLtcZQBjROHl4EF3r+QOAwD3MMcEzySfuP0wOYwwYW2s:XTeGBlqlXF3yDcMJ2+uP0wuwY7s
Score

1^/10
behavioral3
- Target
  
  Monotone-HWID-Spoofer-main/Commands/Hidden/Adapters.exe
- Size
  
  335KB
- MD5
  
  934bbc5411c532964f3bbe42cb1c1785
- SHA1
  
  dcddde340e7f080716abaa456971b9aa85bd084b
- SHA256
  
  b3de6d10d9f94037b88f736609e50a8a4c4d516ca50107dedd575797a654c28e
- SHA512
  
  8db126cb8381fe84afe25b25e854eb8de25e43f2638e0d87740ce3fe33338b032b09d9551655afedecfe39cb7482f88e72ccdb28afb59684474084a28da71cb2
- SSDEEP
  
  6144:QlGlXIiIGWbsTXO/P/bbUmmUhquD2S6FEJQzZnCvTkJCps9Q18RQj7dVJTrQkEj2:QlGlXIiIGWbsTXO/P/3mUhquD2S6DzZl
Score

1^/10
behavioral4
- Target
  
  Monotone-HWID-Spoofer-main/Commands/Hidden/Adapters2.exe
- Size
  
  341KB
- MD5
  
  bb36d4578ce201dc932ab6bbc079875c
- SHA1
  
  f614f8211bba9d578eb19e7d96a0314b5a51e662
- SHA256
  
  4c831252aa6f193c4474ba74f352bee7d00099dfaf5ac6e98ab1253e21999b4a
- SHA512
  
  ea66cffc96403f69f1b1a3e4f7b0c2fb5045655e2f10772f4d0e5dc9d0243e99c972ae9247c597de680ed7886896a335bc82dde8b162515f15ba368ff25fdebe
- SSDEEP
  
  6144:zlxFkdqBBydxtri9gvdRWKPmawYItN6atI/cFVygZnCv6hqGPs7fYv8dMQZgxiQT:zlxFkdqBBydxtri9gvdRWKPmawYItwax
Score

1^/10
behavioral5
- Target
  
  Monotone-HWID-Spoofer-main/Commands/Hidden/AlternateStreamView.cfg
- Size
  
  551B
- MD5
  
  d298348206017d0cb04217887a677334
- SHA1
  
  8fd2cf9e5e39213c5316f36b463948c52ca83017
- SHA256
  
  2e44dad813efa86ddbd849a53962c5bdcacc9bcc2039dc09bcb2c25c770f3d8b
- SHA512
  
  517a9d78ba3529308066d619a11d8a3684aaf7428041fae2eb8520f30fc7ec9553f6f58011b63bce030391c2d24fb7b5f7385ec2da21a51ca1264dc7a513b5d9
Score

3^/10
behavioral6
- Target
  
  Monotone-HWID-Spoofer-main/Commands/Hidden/AlternateStreamView.exe
- Size
  
  109KB
- MD5
  
  caede4f12ac17f3e0ad8e3c923fd510a
- SHA1
  
  107616433f973110664ceda2ca64c21fb7a92825
- SHA256
  
  669ce40107a2e05fc93dd37df55c77eb155705b449b2e236423e8bb96b9985f0
- SHA512
  
  69898a4d39ba4415da8c8e5eb8a1a012d4db87f24e61f63a50b3af07e65d2aed6cc4b24ed315e5a20dea91fa1903fac92a5eefbbff8b8cb90c7259413cd93162
- SSDEEP
  
  3072:6SuY8BQkSJllKctuKvF2CIlMd1krc1uRCiOoCW7ZlFzG:E0wY25facROh
Score

3^/10
behavioral7
- Target
  
  Monotone-HWID-Spoofer-main/Commands/Hidden/Block.exe
- Size
  
  119KB
- MD5
  
  5782b8d469bbc9045ebd2316c2aefbd5
- SHA1
  
  f679adea19ac0e88a50cfefb88825a086102f77d
- SHA256
  
  dfd08e1d7a34bae6836b3915b45b8637b85cdc998198c5bf148fba5e96f15c21
- SHA512
  
  e57ed92d3c916b89e5f830fb52a63b330e404ea91a7cc0e0b0e8cfb03f9bea7252f1fa8fcf3950ae2bd404dcd189eeac27bcdc1cf529acd8ebde0bc5f457d023
- SSDEEP
  
  3072:u2sMWkzbJh1qZ9QW69hd1MMdxPe9N9uA0hu9TBfcXnI:PbJhs7QW69hd1MMdxPe9N9uA0hu9TBKI
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates processes with tasklist
  discovery
behavioral8
- Target
  
  Monotone-HWID-Spoofer-main/Commands/Hidden/UnbanComplete.vbs
- Size
  
  49B
- MD5
  
  4edf8ecaf575c93e307bdce09aa46e8c
- SHA1
  
  76c189b32fd69a3694e1dd14776cee1c1cc6c483
- SHA256
  
  537f70f7b018610dfedd4bcecf041d845eab0c673e129185c2345eb68a95fe77
- SHA512
  
  ce5921344aadcc9fce5141d416ca92e5772c1c37a0e8724c09c6c2ac579528a21e5fc8659c91db68810763b403fd9760d75102f6c22db84f8f5fe13fefaf6f1a
Score

1^/10
behavioral9
- Target
  
  Monotone-HWID-Spoofer-main/Commands/Hidden/process.bat
- Size
  
  1001B
- MD5
  
  2d3f9b2d001abd6e58ac6f0e7337c619
- SHA1
  
  7053a604a394f479b643783098adb056d69a404b
- SHA256
  
  ef702ce2f8fb1bc71fb60e8b95cb83cef4fa66aa96afd7ca4fd67c96530b6e53
- SHA512
  
  60d4a7e203e37194f4a78f1c581728197b3cd6581d70e185ba6d0d8206aca3a732319b28fef776028015615ebc0ab164a9c935081cd2496b866c63ad6358fccf
Score

5^/10

discovery
- Enumerates processes with tasklist
  discovery
behavioral10
- Target
  
  Monotone-HWID-Spoofer-main/Commands/Hidden/spoofer.sys
- Size
  
  6KB
- MD5
  
  96756deaff1b2667883d4a21e43f4f65
- SHA1
  
  bce3d6fb9eec3f2d2695d96e61442a58039d594a
- SHA256
  
  1992c044963f5c77aa7b5462e2bb69a37c66bc0e13032524fb1663c0314fd420
- SHA512
  
  b6f472c8296bbef5da4baf638e98c2e0c42ba3fa783c69a6c0cc1e2f92f4c365d6d1c0bcf26e1644bacd4a001fd97c19b5fe2b616ba3c0982fc7edefcb59ef7f
- SSDEEP
  
  96:eA/w8VE6wC4NrkXyhWZ2JMQ4LI5aUZ1ZM2a3:v/f/skjZAMTOA2a3
Score

1^/10
behavioral11
- Target
  
  Monotone-HWID-Spoofer-main/GetInput.exe
- Size
  
  3KB
- MD5
  
  2ba62ae6f88b11d0e262af35d8db8ca9
- SHA1
  
  69d4ccb476cfebdf572134fead42a12750580e4b
- SHA256
  
  3f5c64717a0092ae214154a730e96e2e56921be2e3f1121a3e98b1ba84627665
- SHA512
  
  a984212245e401b68872623437a512898a00d71cca7d7b0aa6733663020cae92d50ce1ae3abafbd811542a77e72c8b6a5755492c07d6ddeb2642d908142c2ccb
Score

3^/10

discovery
behavioral12
- Target
  
  Monotone-HWID-Spoofer-main/Getlen.bat
- Size
  
  1KB
- MD5
  
  8c1812e76ba7bf09cb87384089a0ab7f
- SHA1
  
  d3edf2ba081073139960a955e812e6bb7f63817b
- SHA256
  
  83ce5342710a2f2e385a363402661e3426728dd6bcfe9d87e22f2fb858b07bde
- SHA512
  
  618abe11f65fe95cdc1f1834bf24ddbbea789c971788af7d2248b880e53d11a3c4302bd8e3c3c36b934f5f7d975d1b142fae8fd23c9ed6cfa118c97e01f6fd14
Score

1^/10
behavioral13
- Target
  
  Monotone-HWID-Spoofer-main/Monotone.exe
- Size
  
  393KB
- MD5
  
  3c4161be295e9e9d019ce68dae82d60a
- SHA1
  
  36447fc6418e209dff1bb8a5e576f4d46e3b3296
- SHA256
  
  0f6481dabf7871823f259eb95f3b85c37d1de8a7d1884ac77a97d887cf96f75d
- SHA512
  
  cfa2d491a5d28beb8eb908d5af61254ac4c4c88e74c53d5d00ae15ef0731df1654304199996545d1074814c0ea8a032957b28d70774f05347616428e667f70e6
- SSDEEP
  
  12288:ndoOphZgRZGJZzu/aeZjl5FeBTCVpgTfR:ndl/QZGTuHhjFe1C3gt
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral14
- Target
  
  Monotone-HWID-Spoofer-main/README.md
- Size
  
  466B
- MD5
  
  d6606a21cee06a7e956914cce2ebd62c
- SHA1
  
  fcb352e23e8e09ab0d1ac33f3861eff3ce33f480
- SHA256
  
  3c277f602e6b8cf8c31887d68d0041fcda02ca50ac2b870381490931b8119d37
- SHA512
  
  bbe8b84457d2855c3721109a64e4ce8ca9cefdf923c83a5ee68c4549f573317bf551c7140492e84d961f8f5d172f4e93801483bad133d86917a1501a6a96d6cb
Score

3^/10
behavioral15
- Target
  
  Monotone-HWID-Spoofer-main/batbox.exe
- Size
  
  1KB
- MD5
  
  cb4a44baa20ad26bf74615a7fc515a84
- SHA1
  
  2581868c3d560e2b200d4f21d83271430167b377
- SHA256
  
  9553bc17fa0fd08e026c1865812b3388e3d5495a5394bbf671e5a8f21c79989a
- SHA512
  
  d19e6d0ccd89e52efdd2363185564cf83fcf3a37b55659dd1fd8b6574cf45b6147989b2c7b1e8029ce8136aa7ff74900494c1a30bbb65b96d9880ab7f77b6140
Score

3^/10

discovery
behavioral16
- Target
  
  Monotone-HWID-Spoofer-main/colorecho-vc10-x86_64.exe
- Size
  
  129KB
- MD5
  
  e2f377052409beeebf852803734e007a
- SHA1
  
  4d5e977acc59912bd451edae77ad58d977ed086b
- SHA256
  
  76fe5f9cef2c3a5c4f765d4c45167f4cf26cc6d469031f0d195d96724e9d82a8
- SHA512
  
  d88d3319a32ec3a8475fae03c74b1a5d7d8e92f3f5ffa1bc3326779d7d39e0bd18928a511be1ac965fb1c2e2da1cf0935fea38bbf847f54033887c62b6c842d7
- SSDEEP
  
  3072:tJ45PBQ7m0bOfTbaeFCF5DCqzDlKOOXiX1w/A:n4pAmlTWPFhCg01iX
Score

1^/10
behavioral17
- Target
  
  Monotone-HWID-Spoofer-main/host.txt
- Size
  
  3KB
- MD5
  
  cdda0101630962eaee1ef0305c2028c0
- SHA1
  
  9ad08997104c48cc56536e08d743041d44f507cd
- SHA256
  
  ecf34c7bc93d5b7f1ea5d8d17e488946eed415128658da3ba2d02633c543234b
- SHA512
  
  9cb0bbda17fbe3c25279649aa13be42f1c6f66cb37a2b67426a3f125fde32c68e9ade55ef327b4f0dfb1102f7bc5ff9ba831ec1e06cc8946c443f148aa0cb4e6
Score

1^/10
behavioral18
- Target
  
  Monotone-HWID-Spoofer-main/hwid.ps1
- Size
  
  3KB
- MD5
  
  05673d49cc5f31e3d4812b7cb7419641
- SHA1
  
  07b3b298b067439da6e6ae37e51bb1701c33165a
- SHA256
  
  c7c54526b07f457e58d423ab22d61a0efd78ad112be2ef0a1efe6c25013df185
- SHA512
  
  5f5f380a3cad0cf1aa95244d6b1fca4ccdd10c8c882e045405d5600f242b8ed3306f485a3396db9c362f345b79b03d2db79aad7a1d92f09167beea0acf524d32
Score

3^/10

execution
behavioral19
- Target
  
  Monotone-HWID-Spoofer-main/mac.txt
- Size
  
  6KB
- MD5
  
  58726bcb98b77afe581a7833c8f35f9a
- SHA1
  
  7dcf281240fcdb4b8485a7df76644be817f29cab
- SHA256
  
  e53a19f0f36d7e7be98522239e8ac2af3248f4fe4b046d9fe270e3907ce11401
- SHA512
  
  34c5ca63ac4d86b8bce0a6a2676aa8c51bab85f673cc7463ec66e505730878d5803bc0897f94a7e5e7b1832a977a728c3899d70fb08ff9a11211b18a5437cce5
- SSDEEP
  
  192:sNwBAoTrUETdTG3gUoaVLYIRH/kK7rLktmdcRwx7CNraxc1HL:sNtKJaXoi0MH2NRGc1r
Score

1^/10
behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Detected Nirsoft tools

Checks computer location settings

Executes dropped EXE

Command and Scripting Interpreter: PowerShell

Enumerates processes with tasklist

Suspicious use of SetThreadContext

Checks computer location settings

Enumerates processes with tasklist

Enumerates processes with tasklist

Lumma Stealer, LummaC

Lumma family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20