Overview

overview

10

Static

static

3

Fiddler Tr...it.zip

windows10-2004-x64

10

FiddlerSet...st.exe

windows10-2004-x64

9

RElease-x64.zip

windows10-2004-x64

1

fid.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fiddler Triage shit.zip

  • Size

    24.0MB

  • Sample

    250105-l2ff6asqcq

  • MD5

    aab4af7ab6d12b3601ac10f1b964a68b

  • SHA1

    455a4309576110b0941c4274cab6aa50d39ab5de

  • SHA256

    67385b876e3f23b60975da253b4e8e6609ae991a0b7438d24e8d2c37138ebc87

  • SHA512

    57b360fef21732dab4c2a090eb5bb144116c667ba1cd4fffff211c37394473cd81d141880928647058ce457943fecc78e72fe26d103eba381c850a39bf7786c4

  • SSDEEP

    786432:43pbRYbps1mkEsOVZeBILTsnnTTg3izTFaf:EZREs1pNUGInOn00Ry

Score
10/10
lummadiscoveryevasionexecutionpersistenceprivilege_escalationstealer

Malware Config

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

    • Target

      Fiddler Triage shit.zip

    • Size

      24.0MB

    • MD5

      aab4af7ab6d12b3601ac10f1b964a68b

    • SHA1

      455a4309576110b0941c4274cab6aa50d39ab5de

    • SHA256

      67385b876e3f23b60975da253b4e8e6609ae991a0b7438d24e8d2c37138ebc87

    • SHA512

      57b360fef21732dab4c2a090eb5bb144116c667ba1cd4fffff211c37394473cd81d141880928647058ce457943fecc78e72fe26d103eba381c850a39bf7786c4

    • SSDEEP

      786432:43pbRYbps1mkEsOVZeBILTsnnTTg3izTFaf:EZREs1pNUGInOn00Ry

    Score
    10/10
    lummadiscoveryevasionpersistenceprivilege_escalationstealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

      evasion

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

    • Target

      FiddlerSetup.5.0.20245.10105-latest.exe

    • Size

      4.4MB

    • MD5

      c1980b018489df28be8809eb32519001

    • SHA1

      e860439703d7b6665af4507b20bbef2bbb7b73f4

    • SHA256

      588024037b1e5929b1f2a741fff52a207bcab17f0650ec7cb0cd3cb78051998d

    • SHA512

      f70d419e869e56700a9e23350a9779f5dd56bb78adb9a1b0d5039287a24f20004db20f842294d234d4717feaa3184a5e6d90f0ee3666208bad2ea518d37b0a35

    • SSDEEP

      98304:qMgxyUnSAaB1eXq8yOkLiGXv72Qomw6pvtFIAwdaRdA:qMoWvePjqHv72Qo96pvtF5wH

    Score
    9/10
    discoveryevasionpersistenceprivilege_escalation

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

      evasion

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral2

    • Target

      RElease-x64.zip

    • Size

      19.6MB

    • MD5

      5cfd1f682e5ee044d1fd259fa02398ed

    • SHA1

      9887d8c670882c77b5f80791035d485a4b0ac30b

    • SHA256

      348262f755d1ca868647e57fef8a8bcb1b409134f3e275c444de6d3edb9c98cb

    • SHA512

      0d296261db1a0b7f62d30ae5a09ab4533607ef70d35a389df8b1e12ec103978e0ef19c434db08c0119d080521ca54b32c138b372a681a1e246f3bcb02368a167

    • SSDEEP

      393216:ppIutnYNJcYw96nsFrm02qEszOVhDS+oBkxXLTsnnL3Tg38zwSPzTFe7XYk:ppbRYbps1mkEsOVZeBILTsnnTTg3izTc

    Score
    1/10
    behavioral3

    • Target

      fid.txt

    • Size

      976B

    • MD5

      f796e4813f8fce9d3e02e2037cf042bb

    • SHA1

      e56e26e3881004694588f7fb9a0215672577be47

    • SHA256

      11a9c333368395e4f8c1d81bae31cbdef04db1b960139f31e856030351904a5c

    • SHA512

      0346e1582dc354707dbf33badac5d7efef20e3dc075b2b78f3b81f3f0ef8fe8258495b7761d64a75c2d09ca68cbb425f1ab272446cc0419d0b1d598358777628

    Score
    3/10
    execution
    behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

JavaScript

1
T1059.007

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

4
T1012

Software Discovery

1
T1518

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks