General

  • Target

    Exitlag (infected).zip

  • Size

    958KB

  • Sample

    250106-hrbtfazjgw

  • MD5

    b45796f1bd592d9b6b8c224fe289a712

  • SHA1

    aa2f9b451b5d8d52d2f562bfd6da3d366d936179

  • SHA256

    f497fcc25b5e1992ed5e9887363049dcf2163b91bc0eef4a66755ae6ff5283db

  • SHA512

    4b7494690fc117e40805d043a400c5f49b3f045880befaec0e12d4a408559146ae3b71c8a4415b493d8e42edf13c4216800a7ceabbb9a4dc0c6e245e265d1ea1

  • SSDEEP

    24576:YTY95kYpQrbsS6VAFlyhBup/nrqs70XOddXf:YTY95kYpqsSIAF8L0/rT0edlf

Malware Config

Extracted

Family

lumma

C2

https://servicedny.site/api

https://authorisev.site/api

https://faulteyotk.site/api

https://dilemmadu.site/api

https://contemteny.site/api

https://goalyfeastz.site/api

https://opposezmny.site/api

https://seallysl.site/api

https://forbidstow.site/api
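The hashes and extracted C2 URLs above are the usable indicators from this report. The following is an added example (not part of the sandbox output or of the malware) showing how a responder would turn them into checks: hash candidate files and compare against the listed digests, and match the C2 hostnames (including subdomains) against proxy log lines. The proxy log layout and the sample log lines are constructed assumptions, not data from the report.

```python
"""IOC checks for the Lumma sample described in this report (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Digests of the sample archive, copied from the report.
SAMPLE_HASHES = {
    "md5": "b45796f1bd592d9b6b8c224fe289a712",
    "sha1": "aa2f9b451b5d8d52d2f562bfd6da3d366d936179",
    "sha256": "f497fcc25b5e1992ed5e9887363049dcf2163b91bc0eef4a66755ae6ff5283db",
    "sha512": "4b7494690fc117e40805d043a400c5f49b3f045880befaec0e12d4a408559146"
              "ae3b71c8a4415b493d8e42edf13c4216800a7ceabbb9a4dc0c6e245e265d1ea1",
}
ALGOS = tuple(SAMPLE_HASHES)

# C2 URLs extracted by the sandbox, copied from the report.
C2_URLS = [
    "https://servicedny.site/api", "https://authorisev.site/api",
    "https://faulteyotk.site/api", "https://dilemmadu.site/api",
    "https://contemteny.site/api", "https://goalyfeastz.site/api",
    "https://opposezmny.site/api", "https://seallysl.site/api",
    "https://forbidstow.site/api",
]


def _digest(chunks, algorithms):
    """Feed each chunk into every requested hasher in a single pass."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hash_bytes(data, algorithms=ALGOS):
    """Digests of an in-memory blob (handy for unpacked members of the zip)."""
    return _digest([data], algorithms)


def hash_file(path, algorithms=ALGOS, chunk=1 << 20):
    """Digests of a file on disk, streamed so large files do not load whole."""
    with open(path, "rb") as fh:
        return _digest(iter(lambda: fh.read(chunk), b""), algorithms)


def matches_sample(digests, known=SAMPLE_HASHES):
    """True when every algorithm present in both dicts agrees (case-insensitive)."""
    shared = set(digests) & set(known)
    return bool(shared) and all(digests[a].lower() == known[a].lower() for a in shared)


def c2_hosts(urls=C2_URLS):
    """Lowercase hostnames from the C2 URL list."""
    return {urlparse(u).hostname.lower() for u in urls}


# Assumed proxy log layout: "<timestamp> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def find_c2_hits(log_lines, hosts=None):
    """Return (client_ip, host, url) for lines whose URL host is a known C2 or a subdomain of one."""
    hosts = c2_hosts() if hosts is None else hosts
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        host = (urlparse(m["url"]).hostname or "").lower()
        if host in hosts or any(host.endswith("." + h) for h in hosts):
            hits.append((m["client"], host, m["url"]))
    return hits


# Constructed log lines for demonstration (not from the report).
SAMPLE_LOG = """\
2025-01-06T10:01:02Z 10.0.0.15 POST https://servicedny.site/api 200
2025-01-06T10:01:05Z 10.0.0.15 GET https://www.example.com/index.html 200
2025-01-06T10:02:11Z 10.0.0.22 POST https://cdn.authorisev.site/api 200
2025-01-06T10:03:40Z 10.0.0.31 GET https://notservicedny.site/api 404
""".splitlines()

if __name__ == "__main__":
    import sys
    for client, host, url in find_c2_hits(SAMPLE_LOG):
        print(f"C2 hit: {client} -> {host} ({url})")
    for p in sys.argv[1:]:  # any file paths given on the command line
        print(p, "MATCHES sample" if matches_sample(hash_file(p)) else "no match")
```

The suffix match deliberately requires a leading dot, so a look-alike such as notservicedny.site is not flagged while cdn.authorisev.site is; the digest comparison only considers algorithms present in both dicts, so a feed that carries only SHA256 still matches.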

Targets

    • Target

      Exitlag (infected).zip

    • Size

      958KB

    • MD5

      b45796f1bd592d9b6b8c224fe289a712

    • SHA1

      aa2f9b451b5d8d52d2f562bfd6da3d366d936179

    • SHA256

      f497fcc25b5e1992ed5e9887363049dcf2163b91bc0eef4a66755ae6ff5283db

    • SHA512

      4b7494690fc117e40805d043a400c5f49b3f045880befaec0e12d4a408559146ae3b71c8a4415b493d8e42edf13c4216800a7ceabbb9a4dc0c6e245e265d1ea1

    • SSDEEP

      24576:YTY95kYpQrbsS6VAFlyhBup/nrqs70XOddXf:YTY95kYpqsSIAF8L0/rT0edlf

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check before the payload runs.

    • Executes dropped EXE

    • Adds Run key to start application

      Registry autostart (Run key) persistence.

    • Command and Scripting Interpreter: PowerShell

      Runs commands via powershell.exe.

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is a common step in process hollowing and thread-hijacking injection.

MITRE ATT&CK Enterprise v15