Overview

overview

10

Static

static

1

EzIntl.exe

windows7-x64

10

EzIntl.exe

windows10-2004-x64

10

.data

windows7-x64

3

.data

windows10-2004-x64

3

.rdata

windows7-x64

3

.rdata

windows10-2004-x64

3

.reloc

windows7-x64

3

.reloc

windows10-2004-x64

3

.rsrc/DIALOG/105

windows7-x64

1

.rsrc/DIALOG/105

windows10-2004-x64

1

.rsrc/DIALOG/106

windows7-x64

1

.rsrc/DIALOG/106

windows10-2004-x64

1

.rsrc/DIALOG/111

windows7-x64

1

.rsrc/DIALOG/111

windows10-2004-x64

1

.rsrc/GROUP_ICON/103

windows7-x64

1

.rsrc/GROUP_ICON/103

windows10-2004-x64

1

.rsrc/ICON/1.png

windows7-x64

3

.rsrc/ICON/1.png

windows10-2004-x64

3

.rsrc/ICON/2.ico

windows7-x64

3

.rsrc/ICON/2.ico

windows10-2004-x64

3

.rsrc/MANIFEST/1.xml

windows7-x64

3

.rsrc/MANIFEST/1.xml

windows10-2004-x64

1

.text

windows7-x64

3

.text

windows10-2004-x64

3

CERTIFICATE

windows7-x64

1

CERTIFICATE

windows10-2004-x64

1

[0]

windows7-x64

1

[0]

windows10-2004-x64

1

[1]

windows7-x64

1

[1]

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EzIntl.exe

  • Size

    150.0MB

  • Sample

    250106-w6xlcawkfl

  • MD5

    10737d9d20c328e48a3037c493f156b1

  • SHA1

    b1b0d268c485c7c0f5b83260714d1e52297baa1d

  • SHA256

    b8fd45bf4d8c210d7a107a915ec2629ecd51ed745969274b6aa46d89808814d4

  • SHA512

    d17ef315563627da5bb481ee424e67d2d559666b96cf92226b86b04d0c31a3b333220c784382a6294149e7cdd545581775546a6aeadf54d1ab797fc3e456f545

  • SSDEEP

    24576:9etHGMwy9WuUSPl/hw6z89q1zfaaJ+1DPVhPQLc3nVQMK:G7zMU+0pJQ9hPQcQf

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

Targets

    • Target

      EzIntl.exe

    • Size

      150.0MB

    • MD5

      10737d9d20c328e48a3037c493f156b1

    • SHA1

      b1b0d268c485c7c0f5b83260714d1e52297baa1d

    • SHA256

      b8fd45bf4d8c210d7a107a915ec2629ecd51ed745969274b6aa46d89808814d4

    • SHA512

      d17ef315563627da5bb481ee424e67d2d559666b96cf92226b86b04d0c31a3b333220c784382a6294149e7cdd545581775546a6aeadf54d1ab797fc3e456f545

    • SSDEEP

      24576:9etHGMwy9WuUSPl/hw6z89q1zfaaJ+1DPVhPQLc3nVQMK:G7zMU+0pJQ9hPQcQf

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

    • Target

      .data

    • Size

      512B

    • MD5

      014871d9a00f0e0c8c2a7cd25606c453

    • SHA1

      92d7e0d8d66861f702d867dac616b7d02bca94ec

    • SHA256

      637a3943c555de3601588a8398252a905d18c17f9d49f750b812daa630abac68

    • SHA512

      3f1e945759614a0e0ee05d8cc7c9d3a9f0b2954f64c173dd8f755d6b422c0b2f1f7a5c3af8aa54f3c6909de65c125e048dd8d17ee55da3989c4b2c807d83874c

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      .rdata

    • Size

      11KB

    • MD5

      07990aaa54c3bc638bb87a87f3fb13e3

    • SHA1

      05985b7f60a664d2595e9406ae3b208c97597bbc

    • SHA256

      b38b34dfbb61b5fc0659b9861f09dfdaaa743cb97bf0134e7bab66a75ddc940e

    • SHA512

      0017dd49d85c6aa9e8351c7da60f1150cb241022664151f0d2182a7a344f46286eb9f131f75a5f1adcef57a1362689a3c40a37547acc262aba92b742c13b65ad

    • SSDEEP

      192:wiR1IorPNhxjQFOdiq343py7JRWVS7yWymPn:9RiaPblQFdq343pwrWVaymPn

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      .reloc

    • Size

      4KB

    • MD5

      d035e2aaf2ca623d94a572821f95b139

    • SHA1

      6bb7b7ee94273c539cab25f3c6d5ff1d833296fc

    • SHA256

      93f45aa45baedcfd4ff9d69146bd5b7c60f7394f81bb48ff605e6de27befd153

    • SHA512

      8211cce35080ff547d17e0712b75afa1794def4969a210b05e168300f9ca4c83733df43c8b6ec775442e24e12310bae594c93d4a190aa9952b2ab66291fddd56

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      .rsrc/DIALOG/105

    • Size

      256B

    • MD5

      3409f314895161597f3c395cc5f65525

    • SHA1

      1a99d016d65e567f24449d9362afb6ac44006d0b

    • SHA256

      fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96

    • SHA512

      f3e7394fa49325a7ea46728b77a5e819e18d63049d54c6adf36d08619709484f8bbd20206416d3c1440bd70632d99d9a45f3488482353f90aa21aa6ee3915427

    Score
    1/10
    behavioral10behavioral9

    • Target

      .rsrc/DIALOG/106

    • Size

      284B

    • MD5

      2d12c45dc2c029044aaff357141cb900

    • SHA1

      083db861ab3c7db23c6257878296e73a89a74b8b

    • SHA256

      69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729

    • SHA512

      a50dcf605a914f0a6f94b3f815be159c2b729d005a25d6cc9120c4d34445cae2d0b20df3dbdc7672f316010c6a47079265548a1ed5a523896963b1a3ddf98a17

    Score
    1/10
    behavioral11behavioral12

    • Target

      .rsrc/DIALOG/111

    • Size

      96B

    • MD5

      6be4e1387d369cf86e68eacbdd0e81dd

    • SHA1

      351970fe2681b9b35b5d59ad052011ed96a96e17

    • SHA256

      85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0

    • SHA512

      b81b287de73282cc5a7337559fbce5af01d1a440f04ee97c6a8e1de0c787ef38936c951b802014b841fc517fe7f2b916266dc8c35cd5de1ad0c630dc2218fa81

    Score
    1/10
    behavioral13behavioral14

    • Target

      .rsrc/GROUP_ICON/103

    • Size

      34B

    • MD5

      fef70deba8476962e234e4df59506178

    • SHA1

      0543ddc0d23d085e6619baaa8767ab8783b35e56

    • SHA256

      09f21f58ae42ae4cae9b4f4b5fc71453757cfd8cda9b55ec68fc1e05a5559b2b

    • SHA512

      5cfcb68965065152687318d6fea1a17031561fc56c92311fe5ab8668ff5ed9a691c72b288d8111d54865bcff8e1bc474f63ac1a57e2ec387ce019981cf248dd2

    Score
    1/10
    behavioral15behavioral16

    • Target

      .rsrc/ICON/1

    • Size

      24KB

    • MD5

      a42adf172a8b767e05e32e300913d000

    • SHA1

      ce98c2b8b45442120d4f812f27625f2ceb1ed1c2

    • SHA256

      fbaa1c0c0203745ba67aa9bd2f9e29f945dc15fd28d8cb54c4db1126eea55731

    • SHA512

      3c817709bf4b7d435df121afa002439a42413a06e52b17894f5f1b75982fcf7c78181390b3db54671cd37a11b46bd52c3e3753e52e99a01e1b63c46bb92f314c

    • SSDEEP

      384:GKnQXPEYMHjjcKM1M/43k6uX0g5QgRoemmOT33JEg8tGWcP4qgobViT3mhhNLp:xn7joM4hgVN+Vm63oGW24qXb8Mjt

    Score
    3/10
    behavioral17behavioral18

    • Target

      .rsrc/ICON/2.ico

    • Size

      9KB

    • MD5

      d36c5afbfe01e1490dee194e430764a7

    • SHA1

      2ee3c508fa1a5bdb900463b62d766ab2ad7599fb

    • SHA256

      891b78000625b8302601384b1661960518d56dcf4d17e68bb7280d8f8a72516b

    • SHA512

      09fb5013e02f316cf6e9ac3b1cb616134ec6e7b79bae5b82d6821ef5c7d4e50730878f625b4d1d30b782596a01d35175a37e9d894f98505f3cb19c9e1f09b2a6

    • SSDEEP

      96:kcWOMneQG3bNYEH2fCMHkABU04Eix0rk5DeruiTtTsOjn1jSE11nza+sv+:kuMnLubNYpCMHHT4j04563twK12EPo

    Score
    3/10
    behavioral19behavioral20

    • Target

      .rsrc/MANIFEST/1

    • Size

      726B

    • MD5

      98532ccf2df2c019bd9791a767c99973

    • SHA1

      8a1cb5e5cf470e6b3ab544bf8009132d87d2326b

    • SHA256

      2bf05590410fb6b30494a3251789f0d8a4b9da7f3e87fe89b64cace1bc0a02cd

    • SHA512

      2f3ae5393b95c33c17702d5d358c6545457112d96e2a3a8d7a2fd82bbaff6a82b29787d95b3c6f4dc69cc23373c8e129057f80b1e4ca072d3f4f1752067d664a

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      .text

    • Size

      27KB

    • MD5

      00499a6f70259150109c809d6aa0e6ed

    • SHA1

      3f4c995439cec283f1f51d71acb1f25bef740b63

    • SHA256

      6cbf0a221c26d69af8cab6a9925b0b331082df7f79d671fafe3f4942145c76a3

    • SHA512

      bad533ac5b9872c345212e7d70e23ab02dfa73b42882f76b45448d0a238afd1773e60ad755102a6d7b978af30acd78b0283b7f7f45c2cea9eacf869ea787a87d

    • SSDEEP

      768:ZSuEBr5TxZ3ILakH+MQTbTf1YK5dEde6w4tKmc3K1RHpuiCYy:BErPZ3IBZcbTfu1HlrJFCP

    Score
    3/10
    behavioral23behavioral24

    • Target

      CERTIFICATE

    • Size

      9KB

    • MD5

      73dc2a1fc1e4f3d5b2edae0c94765dbb

    • SHA1

      49712a4879cb4830de8eeca66ada4f0aef6e8cc3

    • SHA256

      06072f906b87830be499e36ea12de60c9a8181b14f98925eb50f46be9ead3124

    • SHA512

      2483407750482ed5b58e3be38733fd643bc47e735b26b54d7c49435e6aea73790cb8b84738f7d21b0913dc4afacd8db69cb5bb8226258493315bd7d69f1eb241

    • SSDEEP

      192:rIYiYF80CKRZKx7yzXO4NKzYJzkMDxHtFhFwlMu:rIYi5Km0zX9NfNY

    Score
    1/10
    behavioral25behavioral26

    • Target

      [0]

    • Size

      2KB

    • MD5

      f4f0c5282559707670a306c46097ffcc

    • SHA1

      3417351819d02450b527af5b3dbba95c52f911e5

    • SHA256

      8f4fff35166f08142b23bf90e5c36f72c3a730b549d172768c2fa855a338122e

    • SHA512

      ebda56045c88ad3b87a896e06cf3747d411a28e4270554de5ad25a28343a4b3f54008dc4458e624097ea157208e2944d67c64770346047a202e0d978adf88175

    Score
    1/10
    behavioral27behavioral28

    • Target

      [1]

    • Size

      149.9MB

    • MD5

      adb620cbd8a47804aa525e1737ecddb7

    • SHA1

      02609037deb8ce3b2d24a9f3c81ba91f773d61af

    • SHA256

      78b1c39a159a779827792919960c095753f82d0eac69fe4adb799ec4d352958e

    • SHA512

      218bcc68fc5afe83a86332be72c93290e45649bde99aa5ea61eff1fbd80251719594be74f40c016bf63afd77f1d2bc33b1601619d17c8ed712e6f4d73413d775

    • SSDEEP

      24576:HGMwy9WuUSPl/hw6z89q1zfaaJ+1DPVhPQLc3nVQMB:H7zMU+0pJQ9hPQcQk

    Score
    1/10
    behavioral29behavioral30

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

lummadiscoverystealer
Score
10/10

behavioral2

lummadiscoverystealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
1/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10