General

  • Target

    SoftwareApp.rar

  • Size

    6.5MB

  • Sample

    250118-wd7kva1jhm

  • MD5

    f5b8e5fb55edcbb660309a0c27264158

  • SHA1

    af905e79d44c52116fadcdc93719cabcb635f215

  • SHA256

    3c7f1a128de9afaf53eb1bc04944eceddc0e8dbfca6dac520e51c7da7d925848

  • SHA512

    2d6b230cb3c134086e041181c6265c3775fb04dff5b1856fd9f102d5be58721e80538f784ae285cdcac1554fc1c95ce52c25800fbdfd1ebee9ab1f746c793ad9

  • SSDEEP

    196608:HeTWnzsvSZw7eLlxEJxe8ALDGIRTK6G2Tn:FsvSZqIEe8ALDHK6G2Tn

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://powerful-avoids.sbs/api

https://motion-treesz.sbs/api

https://disobey-curly.sbs/api

https://leg-sate-boat.sbs/api

https://story-tense-faz.sbs/api

https://blade-govern.sbs/api

https://occupy-blushi.sbs/api

https://frogs-severz.sbs/api

https://curved-goose.cyou/api
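The nine C2 URLs above all share the generic "/api" path, so the hunt-worthy IOC is the hostname, not the full URL. The following is an added example (not code from the sandbox or from the report) that reduces the config to hostnames, matches them against proxy log lines, and renders one Suricata DNS-query rule per domain. The log format (timestamp, source IP, method, URL, status) and the log lines themselves are constructed for the example, and the sid range is an arbitrary local choice.

```python
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted Lumma config above.
LUMMA_C2 = [
    "https://powerful-avoids.sbs/api",
    "https://motion-treesz.sbs/api",
    "https://disobey-curly.sbs/api",
    "https://leg-sate-boat.sbs/api",
    "https://story-tense-faz.sbs/api",
    "https://blade-govern.sbs/api",
    "https://occupy-blushi.sbs/api",
    "https://frogs-severz.sbs/api",
    "https://curved-goose.cyou/api",
]


def c2_hosts(urls=LUMMA_C2):
    """Lower-cased hostnames from the config; the '/api' path is too generic to hunt on."""
    return {urlsplit(u).hostname.lower() for u in urls}


def host_matches(host, iocs):
    """True when host is an IOC domain or a subdomain of one.

    The '.' prefix in endswith() stops a mere suffix like 'notpowerful-avoids.sbs' from matching.
    """
    host = host.lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in iocs)


# Constructed proxy log (hypothetical format: ts src method url status); NOT taken from the report.
SAMPLE_PROXY_LOG = """\
2025-01-18T14:02:11Z 10.0.0.5 POST https://powerful-avoids.sbs/api 200
2025-01-18T14:02:12Z 10.0.0.5 GET https://www.example.com/ 200
2025-01-18T14:02:13Z 10.0.0.7 POST https://CURVED-GOOSE.cyou/api 404
2025-01-18T14:02:14Z 10.0.0.5 GET https://notpowerful-avoids.sbs/ 200
2025-01-18T14:02:15Z 10.0.0.9 POST https://cdn.blade-govern.sbs/api 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def find_c2_hits(log_text, urls=LUMMA_C2):
    """Return one dict per log line whose host matches a C2 domain from the config."""
    iocs = c2_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate unparseable lines rather than abort the hunt
        ts, src, method, url, status = m.groups()
        parts = urlsplit(url)  # .hostname is already lower-cased by urllib
        if parts.hostname and host_matches(parts.hostname, iocs):
            hits.append({"ts": ts, "src": src, "method": method,
                         "host": parts.hostname, "path": parts.path, "status": int(status)})
    return hits


def suricata_dns_rules(urls=LUMMA_C2, base_sid=9000001):
    """Render one Suricata DNS-query rule per C2 domain (sid range is an arbitrary local choice)."""
    rules = []
    for i, host in enumerate(sorted(c2_hosts(urls))):
        rules.append(
            'alert dns any any -> any any (msg:"Lumma C2 DNS query %s"; '
            'dns.query; content:"%s"; nocase; sid:%d; rev:1;)' % (host, host, base_sid + i)
        )
    return rules


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_PROXY_LOG):
        print(hit)
    print("\n".join(suricata_dns_rules()))
```

Matching on hostnames rather than URLs also lets the same list be run over DNS query logs, where the path is never visible; a 404 from one of these hosts is still a hit worth triaging, since the infected host chose to contact it.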

Targets

    • Target

      Bin/Privacy.dll

    • Size

      1.4MB

    • MD5

      4026a37e76e33ed6a81de05f1459e1bc

    • SHA1

      6513212771dd2d4f9cc061c4e14b50ac5b2c85f6

    • SHA256

      d6d3bab4393ae5a27539ef0cd4e0fd5170284a631e7c44ec57dcdac66e7974a5

    • SHA512

      bfc2d1d97ca793a03e099dbcbc43d343030248be819348ca4956700b2984e71916b9e7da55aa459de9a45c45c231071ff4a91ee5f804027e672851920b996a43

    • SSDEEP

      24576:Z+sFjZGRCI7SdomYKoUXZNAxe4BaIvufnX1:ZjOSnA44B98F

    Score
    3/10

    • Target

      Bin/RulesAPI.dll

    • Size

      2.1MB

    • MD5

      0af80bfc69d7c3451c6d3b90d7313c8e

    • SHA1

      e54e9830f6be8f024fd8a280c71107ff501fedbd

    • SHA256

      d427297511cc0f637801aabbbe8a5a5526d1bf67cf15296839dbfeddc10f3edc

    • SHA512

      5e4bb27c2686b9fb3f87f3afaa72250da67d07a4f00ae58279f064d848fd127a3be0ad4919b4f56a3618984cd3f331e48d05c923220e144d974c9073528d3c5c

    • SSDEEP

      24576:zxBDa823oFojLiY7KKDt370HDnd9BiS9IgBxOUsFsu2td9TCZNw:dhsR/tO9oSyOOkMZN

    Score
    3/10

    • Target

      Bin/Skin.dll

    • Size

      96KB

    • MD5

      69f0c471a3f0964929b31dccbb817ef9

    • SHA1

      a4456d5b4b39f5d01bf10473a3d7d4ca3e649aec

    • SHA256

      a5e06515287258e21449579ca5d6f9a386fc52a5b5e87326e6da404fe1be5c76

    • SHA512

      c7bbe28d25495474153f3d70817888b04e3b06ddd7657ea4644293d3644689a7254c6fcf837824f6309f9b84f9d820fb55473d3e6ce17272f22f3cae2bd3b085

    • SSDEEP

      3072:61AlPrR14tzeTZeKujZVLR3OebMCuOAa8RK:esPrRQuujZZR3Oe1AA

    Score
    3/10

    • Target

      Bin/dbghelp.dll

    • Size

      1020KB

    • MD5

      74edbb03de3291fcf2094af1fb363f1d

    • SHA1

      16b5d948ed7843576781dc4f2a391607ac0120a4

    • SHA256

      dca9f45efed8eab442b491aebda3e3cce7f5f9fc5de527d2dbdfd85a5be85dfa

    • SHA512

      b08eb03c54f25979c5aee745530ecd51c5761eb99871b867ff84e14590b32ef3247e17cf63bf953ee1efcb0fda8c4540191b9280db33359fdca352967e42b289

    • SSDEEP

      24576:YXm4cpDFYD2aC0jH5yrrXlpWrCSyZC0wLHr298TG00g8EAB4a:hpKD2aC0jH5yr7DWRyZlwH29vjDIa

    Score
    3/10

    • Target

      Bin/dllhelper.dll

    • Size

      153KB

    • MD5

      1b13ac6572d32448c0e15bf00a04fb98

    • SHA1

      b145d3e5b2649af1e6c680e8a7f0d5b6f7c962e4

    • SHA256

      9eb3aabe31f6e0254ecbbb7fffa6f11428e8f85f785739c62fde88be09c81a78

    • SHA512

      b754b8607d04fbd6165023b5ef1bf01f2af60ce9595ea3a2f7cf03b28355a92310f6d5cbb27247d9270debe62d9eb688778a065cb75ff0d4411d97db283c173b

    • SSDEEP

      1536:B2ozr2yXFR9TEJYSCUWB1VBbM4mndJsBjUO6sZ9ynxj/6gfyU78uXBaiurkjPZjb:0ozrhjDSCJmuliYuRVokjBjEw

    Score
    3/10

    • Target

      Bin/dllhelper64.dll

    • Size

      228KB

    • MD5

      e4c67cc149ca5fa61382f8654409feee

    • SHA1

      408931b18d31562fe9f3419d7663a1cafcc7f65f

    • SHA256

      f2f264bd4faa5fccf3bd32a9a7b6b5ffc90754c759dca3127be0ff107bef33a6

    • SHA512

      49de4dc0de0f25dd279a33124fc4fdc2b80cec6105c70290db48f77068775f1727c5f4d996bf41f5ded424de0318a5eef9e0ad08050a0fd3a8964c94afa89f8b

    • SSDEEP

      1536:6kig1Ac42h743XNd55vQryAdbEPVBbM44DdROpiMnesVWDwVPhVbOucFCDrMq1np:jT1lh743rvQ4R46hJ/Uyxu9yLBRiy

    Score
    1/10

    • Target

      SoftwareApp.exe

    • Size

      1.1MB

    • MD5

      79027a797eeeed90f0f914f229750eae

    • SHA1

      8e0576501a2a5b873754c6a7f0739bd79510164c

    • SHA256

      30338f9c85111cfde8e68398db0427f89a549427e0598384744f4a27d9d836d1

    • SHA512

      20d77e4c1dac67e5aeab3ec7c61bb5a5aecc10dd6f799ea99f9b8ac5ceb63b6a52d7f6d1089eb7c4c865cd081dc2ce4a2f886d56a159d1b8a41db9461b2c87e3

    • SSDEEP

      24576:ZXOMDyej0BM8I7oRCL7piz5nWXjeZW7nw5X319kSY07C7L:VPWe01RRGwn4jeZW7w13kSYZ

    Score
    10/10

    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist
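Before acting on the verdict above, confirm that the files you hold are the ones the sandbox scored: only SoftwareApp.exe carries the 10/10, while the DLLs in Bin/ score 3/10 or 1/10, so a mismatch on any one of them means you are looking at a different build. The following is an added example (not code from the sandbox or from the report) that computes MD5, SHA1, SHA256 and SHA512 in a single pass per file and checks an extracted archive against the digests listed in the Targets section. The demo run uses placeholder files constructed in a scratch directory, not the real sample, so it reports mismatches by design.

```python
import hashlib
import tempfile
from pathlib import Path

# Digests copied from the Targets section above; SHA512 is omitted from the
# table only for brevity (any subset of the four algorithms may be listed).
MANIFEST = {
    "SoftwareApp.exe": {
        "md5": "79027a797eeeed90f0f914f229750eae",
        "sha1": "8e0576501a2a5b873754c6a7f0739bd79510164c",
        "sha256": "30338f9c85111cfde8e68398db0427f89a549427e0598384744f4a27d9d836d1",
    },
    "Bin/Privacy.dll": {"sha256": "d6d3bab4393ae5a27539ef0cd4e0fd5170284a631e7c44ec57dcdac66e7974a5"},
    "Bin/RulesAPI.dll": {"sha256": "d427297511cc0f637801aabbbe8a5a5526d1bf67cf15296839dbfeddc10f3edc"},
    "Bin/Skin.dll": {"sha256": "a5e06515287258e21449579ca5d6f9a386fc52a5b5e87326e6da404fe1be5c76"},
    "Bin/dbghelp.dll": {"sha256": "dca9f45efed8eab442b491aebda3e3cce7f5f9fc5de527d2dbdfd85a5be85dfa"},
    "Bin/dllhelper.dll": {"sha256": "9eb3aabe31f6e0254ecbbb7fffa6f11428e8f85f785739c62fde88be09c81a78"},
    "Bin/dllhelper64.dll": {"sha256": "f2f264bd4faa5fccf3bd32a9a7b6b5ffc90754c759dca3127be0ff107bef33a6"},
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_file(path, chunk_size=1 << 20):
    """All four digests from one pass over the file; chunked so multi-MB samples stay cheap."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def verify_extracted(root, manifest=MANIFEST):
    """Map each manifest path to 'match', 'mismatch' or 'missing', relative to the extracted archive root."""
    root = Path(root)
    results = {}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            results[rel] = "missing"
            continue
        actual = digest_file(p)
        # Every algorithm the manifest lists must agree; a single differing digest is a mismatch.
        results[rel] = "match" if all(actual[a] == v.lower() for a, v in expected.items()) else "mismatch"
    return results


def demo():
    """Constructed run: a scratch directory with placeholder files that are NOT the analysed sample."""
    root = Path(tempfile.mkdtemp(prefix="lumma-verify-"))
    (root / "Bin").mkdir()
    (root / "SoftwareApp.exe").write_bytes(b"placeholder bytes, not the real SoftwareApp.exe\n")
    (root / "Bin" / "Skin.dll").write_bytes(b"placeholder bytes, not the real Skin.dll\n")
    against_report = verify_extracted(root)
    # A manifest derived from the placeholder itself shows what a clean match looks like.
    own = {"SoftwareApp.exe": digest_file(root / "SoftwareApp.exe")}
    against_self = verify_extracted(root, own)
    return against_report, against_self


if __name__ == "__main__":
    against_report, against_self = demo()
    for rel, status in against_report.items():
        print(f"{status:9s} {rel}")
    print("self-check:", against_self)
```

Point the script at the directory you unpacked SoftwareApp.rar into; anything other than seven "match" lines means the archive differs from the one analysed here, and the Score, Malware Config and signature findings above should not be carried over to it without a fresh detonation.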

MITRE ATT&CK Enterprise v15