General

  • Target

    Captcha.hta

  • Size

    2KB

  • Sample

    250107-p826aaskdx

  • MD5

    a7045bcb116c3d85f1ff3706bec2b920

  • SHA1

    4ff06af316d7e0453c948d358065d71301ea204a

  • SHA256

    8abf12e3a919213c8ff825c1cc1df070990156d829bd5c55d6ce2f6974d77272

  • SHA512

    81be5feffa1fec60145eaf21f4918a69dceb346d818560c38f9fc9ef0d972b6137b6778c3134a5a3d8e03bab1790fa1193c2ccffbd6beaf2388a1a12a9d4c4c0

Malware Config

  • Extracted

    Family: lumma

  • C2

    https://sordid-snaked.cyou/api

    https://awake-weaves.cyou/api

    https://wrathful-jammy.cyou/api

    https://debonairnukk.xyz/api

    https://diffuculttan.xyz/api

    https://effecterectz.xyz/api

    https://deafeninggeh.biz/api

    https://immureprech.biz/api

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks