Overview

overview

10

Static

static

3

NL7Lexicons0404.dll

windows7-x64

1

NL7Lexicons0404.dll

windows10-2004-x64

1

TradingVie...p).exe

windows7-x64

10

TradingVie...p).exe

windows10-2004-x64

10

eappcfg.dll

windows7-x64

1

eappcfg.dll

windows10-2004-x64

1

filemgmt.dll

windows7-x64

1

filemgmt.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2c42d2a5e37cca7fdeb19b7415d664f6eda8de67e6b9e6729172c0fb9de3fc8a.zip

  • Size

    1.2MB

  • Sample

    250107-ac7nkawraq

  • MD5

    78c0957cdacf920b749159c7f26ede6c

  • SHA1

    89a0af5551cec5807323652830ef60fa9089a718

  • SHA256

    2c42d2a5e37cca7fdeb19b7415d664f6eda8de67e6b9e6729172c0fb9de3fc8a

  • SHA512

    a2b820dbae34447da752863105b791443356f033163b533069aeaba27cb839145175e0b4c4c64f29cabfdc05eea6192f78fe7bb1546584dbfdce4c17200cf436

  • SSDEEP

    24576:EX4pttEZ+E8vDygn8dEbqNlZlKFyzMbVzgxTpL8AVYhtuQ7LPz7+xssWq9J6qt:EXdZKvhn8d/XZlKFnbBipLmhMQvEssWY

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

    • Target

      NL7Lexicons0404.dll

    • Size

      352KB

    • MD5

      8c9d1116b62e81500cd9da9a82d79a3e

    • SHA1

      ee0c693d4cfce798d12d7d8089265001ffc6dd98

    • SHA256

      f919165ad0b215cf8b7d114fc0a87740fdaaa4600c529330297261e7b79eaf31

    • SHA512

      b3bf19e91c089f0772ba94edb5b58bc15fdbbced7bb1d91f620780bd8bf706ff54fbc8872b768a6697d46feb1e3113d1848516967c95aedce2919cd980892c8e

    • SSDEEP

      6144:0LKMxWurJ9mN4JRNMDsjafhXiOR2qo8nvHTkJRf3T84S0cKdGNoMD1Xee5:pUJ9y46AkhBB/nvHTU1ZIoMD1

    Score
    1/10
    behavioral1behavioral2

    • Target

      TradingView 2024 New Version (Desktop).exe

    • Size

      646KB

    • MD5

      07feca81b29907ce6550288a7d2b8821

    • SHA1

      6252d362fe96293254a1f284a95355440a2dc2cc

    • SHA256

      eb28c83590f742bb8a12d01f4692421786b6a04dcf9fcc31df93de6d0068b717

    • SHA512

      add0f86c572a83d4d2baa8a3d79db1ce321ae846aa02afe559abc91da0bd8ca6bd3969f4e75372ea606057436fc5e3353c71d23feef843340c41be9d0b72d800

    • SSDEEP

      12288:J4CD99jUhaQS/Aby46x4YFFR5WQ/Ee4vbDAt8G+DiBezmm72kiz5iIrSEO:Osbkaqx6xDR5BEe4X2jnBeKPIt

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      eappcfg.dll

    • Size

      327KB

    • MD5

      5c8ee485ef4aea9bcecd36a46599e5c9

    • SHA1

      c2432d282ae4e2506f593a5f425b2977a706a6c2

    • SHA256

      0e40b1399d5804aa26eca975abbf0e687801c8183c803f23792676eb0ed05aed

    • SHA512

      9f3de35bbdca1419b8ed2ce04d7559f9493abc173a92aee8202121a896707b90aaba6ceb1aaa697d60f62bca8d9c2a4cc0763683b2bfc9fa3658e6062740ae00

    • SSDEEP

      6144:SsP0O5O7BveJG+g5sT9GBGDhHn2Wg9t48/a6MCzwe:MOxg6TQB5WBH

    Score
    1/10
    behavioral5behavioral6

    • Target

      filemgmt.dll

    • Size

      552KB

    • MD5

      d7c3007dca0312785bf75fe212506431

    • SHA1

      bc305aae544478cf70d90b5691e289db2dbad289

    • SHA256

      bcec0ecd295639e81044611f32e28a2b3129cce499b0cd44ba46514c01b0d84e

    • SHA512

      352495531c3f9f8a93bda697837a6ec1ac49c9b3f829519c9730107660955f7c17f214fe59a13e5da4222f4763de00605d835ef8891f51f4f518a12e350a332c

    • SSDEEP

      6144:P5QVNAaO89oYCiv15cKs8h6w6T0l/dwygqLGEt8BP9pW4+Lq2ZZZ1ZZZFZZZi92t:PhaO89oYCiv16ihhl/NNtI9pWwLIi

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks