Overview

overview

10

Static

static

3

Launcher.bat

windows7-x64

6

Launcher.bat

windows10-2004-x64

10

icon.js

windows7-x64

3

icon.js

windows10-2004-x64

3

lua.exe

windows7-x64

1

lua.exe

windows10-2004-x64

3

lua51.dll

windows7-x64

3

lua51.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Software.zip

  • Size

    908KB

  • Sample

    250106-mbktmawnep

  • MD5

    6f676d2be92f94716a4be2b2b5f6392d

  • SHA1

    2e9a27380b2ecd17729ba0b61bbd35d26952a3f7

  • SHA256

    aefc0d264a6726fbbcfbb68385412b83d9928f0527813c543cb4f90d4920e419

  • SHA512

    2b0911894b54245f9f9ddee3a2f1a06d9066031d0aef6f52baa0addcb165f42d2d0627235bcc6f79f29b144960357cbdbb2b43dccbab1a849551773c3cbbd788

  • SSDEEP

    12288:5TyZHcK0Ty2wv8s7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S1:5GZWTpwkc/u/7IoRnUKfq1Dl4DYk

Score
10/10
lummadiscoveryexecutionstealer

Malware Config

Extracted

Family

lumma

C2

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

Targets

    • Target

      Launcher.bat

    • Size

      2KB

    • MD5

      d7f990b9df5038c0eeab8525eeab05e7

    • SHA1

      f217d29ccae0525807a9b6ddac1906c4dedd2d97

    • SHA256

      2b33969e45b9a684b8a14b2b8becb4fc93f4b8e32cf2b4f6aaefc9f20200bc07

    • SHA512

      9a3fad6820c2734fd05148a3e743fe61c8ace54ded02a4146b08a9ffef15761e77993a0bd7577342556b09eb18b0df0cfea10161425bd0f945956b07c983f20c

    Score
    10/10
    discoverylummastealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

    • Target

      icon.txt

    • Size

      224KB

    • MD5

      32ffd84173a0df93d1e347d784a59005

    • SHA1

      cb6152f9fef83f3bd3157aad5e2583c4756bd5a5

    • SHA256

      f47c99ddf6c9d84056629101933639be211a68f4b8b7f290c32afe3a19e7edb9

    • SHA512

      35be78e10a46a1b06b206bbb6c29cf70945b81c995bfed68ae1090db5e2f7eb395db934118df6146be67761cb9ed42f540c5303018b20d6a1e5b239a20990ae1

    • SSDEEP

      3072:wP3t1o4T0HkTUr9V3EGSf5yus3xwe3czkIort7V7IlTLYM6DWD3P2IoGu90zpWMA:23t1o4TPW45yuqHcK0TuwzSKI

    Score
    3/10
    execution
    behavioral3behavioral4

    • Target

      lua.exe

    • Size

      89KB

    • MD5

      dd98a43cb27efd5bcc29efb23fdd6ca5

    • SHA1

      38f621f3f0df5764938015b56ecfa54948dde8f5

    • SHA256

      1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

    • SHA512

      871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0

    • SSDEEP

      1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      lua51.dll

    • Size

      592KB

    • MD5

      3dff7448b43fcfb4dc65e0040b0ffb88

    • SHA1

      583cdab08519d99f49234965ffd07688ccf52c56

    • SHA256

      ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60

    • SHA512

      cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394

    • SSDEEP

      12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY

    Score
    3/10
    discovery
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks