Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Ps99 Duplicator.exe

windows7-x64

10

Ps99 Duplicator.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ps99 Duplicator.zip

  • Size

    258KB

  • Sample

    250107-h3thmasker

  • MD5

    26ba0e85f98647442f6f3fb68c5a0fbf

  • SHA1

    d5637ffbff40d7e50ba2aec434bcac7219e2cdab

  • SHA256

    add4313bc558d395b550227f6b1e6873ffb1cbb23e146fa3e6f195390439d0db

  • SHA512

    292702747a302a3f8b8b54705a51049e0b09438bf20edae9cb52bdda6f3abf536477babcc37b37d499c4649562c932ee6bfbfe616094a14c2286852bb6a85109

  • SSDEEP

    6144:Nsn8pQzs97L3co0N7JfgQph55c1HlrCBadBlMO1+9h7xR:6bBnN7JIQaHoC3M9h7j

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Targets

    • Target

      Ps99 Duplicator.exe

    • Size

      507KB

    • MD5

      0b302e592f1cc0c5c10c15dbe7e7769d

    • SHA1

      385e8478c5d84b41578bfddba235df3216ba9536

    • SHA256

      d3c1cad594dc1780682c5360491589898c91a51732c78a66e2a41b0cb35b7d05

    • SHA512

      20157b3cebd76db9d7ad7c32a1baede94bd656d75c2e29a9b9409a28ea89176cc68f8cc9acd46c701e4e38044c2d45585e7c930e42c16ce4fa994679ee4a6747

    • SSDEEP

      12288:Flz+rW2k8wcin+TQj+PmrvW03cgzG9zl:bz+rQ8wcinWa+e

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks