General

  • Target

    tiktok_v37.8.5_premium_mod_apk.7z

  • Size

    17.3MB

  • Sample

    250111-pcwzds1pen

  • MD5

    fdfcc4dad425b371fbf5a7a656079e31

  • SHA1

    cfff4a729c73969b246efd1aa4f6a35fdbe9d4ed

  • SHA256

    7e81255c0d2ea93e2be6fbbfd72def095dcdb2d49e70084567e8374ab35b4c3d

  • SHA512

    0523dea6099d2310a28c79c82e758c9713cfa07ae8146b395dc762bb9f1d9b7db39723a22490ae268ebe1ce19a9ce6cdb98981ab20b3135772943fe58d7fe7a2

  • SSDEEP

    393216:3DoGtbjZwgLL6LsvOGjcS1L4Qkv8u+Bs7gBOdrK5lb:3Rv9vxjceMWs0Bj5p

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://goldyhanders.cyou/api

Targets

    • Target

      appFile.exe

    • Size

      791.2MB

    • MD5

      82686e0955d4f95f17aed722c193b2b0

    • SHA1

      8670a7d38ffa8949f43765810352e3345fc9b06c

    • SHA256

      b599b90fbdbcb848845f27909f7cb450ef803aa381c6ecf208583514dfdb8197

    • SHA512

      a9fd5a230befd1fc634ccd31aa0a9ae1517f1e5ca112e8083f82753c1e0a777a7e51d876cb2b22536ab57d354e8a543bd384182e71385542a76d8f7fedf429b0

    • SSDEEP

      393216:niq6P6wKHS/WIueH446OQWlY9D056oJtIu+ue+I0lH8GxKOJ2x+rJvgtAFuUzY:cPsiHhAtiKOubGY

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15