General

  • Target

    TradingView_Premium_Free_x64.rar

  • Size

    106.1MB

  • Sample

    250109-2t6alstma1

  • MD5

    d396f93a7e501b8ab6b3a93909071aff

  • SHA1

    b9f7e8e5df2d61cafef9aadd851b60bd9c79eedc

  • SHA256

    8e2a5aecc1cfc703c0c3c03345885f1add043ed66c656e870fbe1d78c02fb455

  • SHA512

    92ae71cc812cfbec7608bc475a790f9afbc065de25dad5c6cbb3fadb3c7316809d9bc3c993bd4ea5aa511527b4cb1dc37f99eb67116fa8511e917857b48155cf

  • SSDEEP

    3145728:RVhSTsTvW+sRBSoszGBpyDXWaHMrbqE47xoZh8hd:XPvWDBIzaUNHmuEgxOKd

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Extracted

Family

lumma

C2


Targets

    • Target

      InstallerFFM.dll

    • Size

      4.2MB

    • MD5

      fb99c35cce8c52a0d705b4eb3fcb9b9d

    • SHA1

      789493972550be8f94328f18689b837c4c91b8d8

    • SHA256

      b8b820e36b209668c6c93fd21727a109c333c225388064486ba59a2fd1378748

    • SHA512

      6176fcf1410242fad4e188027d6017b373aabfe367d932f58cad11dc887b28440fe8b15b8f4014447f21e93d74c403542e82915a83f1153d0c307409281e914f

    • SSDEEP

      49152:B0ENnTAfxoUGx6rZykrFKiFDqB4T/QkJUAoQ7dWyMyICKE+X6CfHBWR/Zpb+vqbW:B0I6rYCQbAoQwyZPKU/b87

    Score
    1/10

    • Target

      KeyActivator/Key.dll

    • Size

      80KB

    • MD5

      9ed0cc60faa1ca995f75dc8b4bf407c4

    • SHA1

      87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960

    • SHA256

      acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557

    • SHA512

      9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771

    • SSDEEP

      1536:q+nxJexI0myeXrvyBuaekzvaUUozZPM9o+mnxVS49:q+nex5mRXrvyzTe9o+mR9

    Score
    1/10

    • Target

      KeyActivator/KeyGen+.exe

    • Size

      344KB

    • MD5

      be632346973263570ffb9f63acab9e4e

    • SHA1

      6baf8d3c283d45b5180e834a81902e58aca223e5

    • SHA256

      1aaa8b9ba8ce1b935898b4647c501bedc3252ad827d8fc0541c07c1cc31d7d65

    • SHA512

      5f84fdcc060f8dfcc333ece312137a9e423bd8dceb39311d852baacabb2a1c174e81cb56715b2b9e8c2c06e1876c4ea85f9c7d6cd65ac7ef2fe32bacdc2e87b6

    • SSDEEP

      6144:9VQr5hnwhfuqs5l9HGQw+cB1w0W4bNk5SQ0FWywNtB7ecJKtSvWlRzn9E6i:3QYoqrtBDW4buUFdwJ7lufxs

    Score
    10/10

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Suspicious use of SetThreadContext

    • Target

      Locales/Adobe64.dll

    • Size

      14.9MB

    • MD5

      8fd69fe885fb30f1f27e87e0df1d540c

    • SHA1

      aa4206a40ea955eed1b98129c2ac456681b28bc2

    • SHA256

      24fce0917d27239eac192484e9e33881ce234348c8d73e6b7f16d83639d5bfae

    • SHA512

      0691d77ea91537fe429d6cf66a9b28959156e0f4663b9526dd42bfde8eee55861e28af3d7945372122abf187310aa678a8017f03a5dad7e006bb011e8aa80999

    • SSDEEP

      98304:uT+EP+UoS0iZSO4cXnHmk59ngwZ/LuBga6bB+vgrhMZIaGrXzSdv279h:E/P+UN5ZSO13Hm83BbB+vgr6ZId

    Score
    1/10

    • Target

      Locales/AdobeLocation.sys

    • Size

      64.0MB

    • MD5

      d0b136b869cc24e67b9689a6c1da6683

    • SHA1

      98c2b95d614f54b54dde3fa3b622e9d975ff9106

    • SHA256

      5839ab9a9dafc669f7b57c40a9a3cf897135a8c188d4f8d94e7e6ef13bca0d07

    • SHA512

      5d507f139c780a07b222c287965edf9aadc1a8c27b166d582de0d893ca73ed14ea4bc185e65474371871a383181f78e3362afcfb486bc7e1b301a2cb853bb569

    • SSDEEP

      196608:tn+43EbjKKC2y0i3tDxPnP1dIxkmDQRC+LXYASSlA1q48h1K4kv5SR6my2FDO+jo:t+Niv0if6kk2+t4fSyOWLN8R

    Score
    1/10

    • Target

      Locales/AdobeService.dll

    • Size

      77.5MB

    • MD5

      2120b3d86e83923bcf15935a3dea52d5

    • SHA1

      ca33e6bc8fff580fa845c3e04ed9d7052135efed

    • SHA256

      f338487cc3370f1ff3ebad523594f5cf524716dcb8871a85ea54daa0344b911f

    • SHA512

      8be15c992afb0aa94ec42f066da6ab74665407d76be1a0959612946edb3428057b65eea860980be13c0d17b550817a1489e4925f8916778d1d12b037752be285

    • SSDEEP

      393216:RffYziXotlt2wJ9FcKFdu9CwJsv6t6d3+S5ZSO13HmObkDZF76vqN3OiUc3A3QOc:Rwicnz3PJG2CZ8SN3OLc3AgOSXN

    Score
    1/10

    • Target

      Locales/AdobeUpdate.dll

    • Size

      3.2MB

    • MD5

      eb8d77b00c8e6f20ac2d678fe0aad74e

    • SHA1

      2dde69b0c00eff47354ada3bb11c17858a4fe107

    • SHA256

      572244187c3ff7e5c95eca2ec4902e53d617ebc9438b4b65004b645ed3306bf5

    • SHA512

      7f2c97da235a3322df1be8920076993ef6fe957aa9ca8599fbbfdd8c316b87cea8736a126310f4ea28336661900f9b2c1dba5c84f020ff9f14a6e43275f812d0

    • SSDEEP

      49152:VLJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvXi:7wSi0b67zeCzt0+yO3kSg

    Score
    3/10

    • Target

      Locales/Policies/TradingTools.dll

    • Size

      34.9MB

    • MD5

      f873118691b6f3a1c70d506f1b192028

    • SHA1

      ca919dc9b634fece0ff5d60ee1055ca6fc7e3b46

    • SHA256

      03dfc11a2e086a315b11e13d7535d90d6d6d6993dca150ff29076a98319b666e

    • SHA512

      f3611465058b27b09f50f579703cbc1b45f28d204b09b304f0437b7f396e97136fc7e7593f1fd1e4cf0542f6d3815bd674d7b259aa0afbed140e61140e7a9ac8

    • SSDEEP

      393216:BBygh0wVcUWJb8VhMvLMCfNHcZuFQYDn794p:BB5hzWJUhMT3f5Gp

    Score
    1/10

    • Target

      Locales/preloader.dll

    • Size

      26KB

    • MD5

      3158a8163bb35ce6802af6b40f615d2a

    • SHA1

      8a91ae4c8aaddc4c215262640bf009d7432d265d

    • SHA256

      badb311d244ebe8c34d7bdf5066646abd3ec72fe11692823d35c320785173487

    • SHA512

      2bdce158163067890d177230995b399712dd0caaff59717ff30161e950705c2a29e110815c59a2bb93c5ea3135292efa52ebabebc7629130dd70fd3b1e527169

    • SSDEEP

      768:zOoyiqIDM9nsz3yUpr27b6afIHDHf/ck:zOViPDww1CbyjH

    Score
    1/10

    • Target

      Locales/runtime.dll

    • Size

      36.5MB

    • MD5

      035e5b695b1911951a191f5ce5cdc103

    • SHA1

      63243116e39f02705c73508a7a3fb874d7d16825

    • SHA256

      a4598c8d41430fd630b3d75210eec5ddd4c8cc98b83e21eb848f21cab78d5c1c

    • SHA512

      d42a558d32738ae9d3b63c727602e30b375b2b360f481031a591a8b3e495c479cde92fab2672d1ac0cd320fd0f031a1e1e6fcda930f3c913299c33c0e33183ae

    • SSDEEP

      196608:ITvIZJuykK43xcy7Jju/6ddoOelo+rM+uwZCl7pcX4Ppp02H3mztb8qmx1xhyB2Y:ITQZJTU7JukeOks58zmhyB25mGs825

    Score
    1/10

    • Target

      TradingView+.exe

    • Size

      344KB

    • MD5

      be632346973263570ffb9f63acab9e4e

    • SHA1

      6baf8d3c283d45b5180e834a81902e58aca223e5

    • SHA256

      1aaa8b9ba8ce1b935898b4647c501bedc3252ad827d8fc0541c07c1cc31d7d65

    • SHA512

      5f84fdcc060f8dfcc333ece312137a9e423bd8dceb39311d852baacabb2a1c174e81cb56715b2b9e8c2c06e1876c4ea85f9c7d6cd65ac7ef2fe32bacdc2e87b6

    • SSDEEP

      6144:9VQr5hnwhfuqs5l9HGQw+cB1w0W4bNk5SQ0FWywNtB7ecJKtSvWlRzn9E6i:3QYoqrtBDW4buUFdwJ7lufxs

    Score
    10/10

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Suspicious use of SetThreadContext

    • Target

      TradingViewInstaller.dll

    • Size

      8.0MB

    • MD5

      352bdb960d5a031aec6ecc0415a4b895

    • SHA1

      fa8d34665c186e88f92b135ea0231238c71384d3

    • SHA256

      30e0b81e4e5b1a2e8d7918e5c76c6ca9c7ef661bb2df6735c638b4cfe04e28d8

    • SHA512

      10dae2de8f6d810f74a1ca7c3530c3d8d224fe079da37a56bf118e7f3f9e9dadb010f2aa7ff299155d854eac7f50e875b1b2ca3b10478b32384719acb439a8e6

    • SSDEEP

      98304:6Lx8SPXHXW46vnnQ8hW94TmpLJyNZKzO3B1l59XC3NZHYN:6LxfPXXW46vQfJ/y+unlTmNZe

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks