Overview

overview

10

Static

static

3

Set-up.exe

windows7-x64

3

Set-up.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Set-up.7z

  • Size

    121.0MB

  • Sample

    250126-rx5s5stpes

  • MD5

    5a7bfb810223f61cc78cd217c8077f48

  • SHA1

    c56efad058f8aa27b377366e8eb9635f9e32b2b7

  • SHA256

    c62b03488b490002e6162f6980d87fe0b4d0defd0ede12f918e573a48637390f

  • SHA512

    9bb788f111f31674a63703213b80f558f384d1e4bade1f7da6354ca48bb925cf6bbcf266df41e5f191b9e3ed370239624805b54be5b899c0012476e70a014bdd

  • SSDEEP

    3145728:7YZ8SDzZ+LW59lTZ0ZEJoIdWH1CoSDZGAFj1p5:7qXZ+yDTSiodHFSDIAJ75

Score
10/10
lummavidardiscoverystealer

Malware Config

Extracted

Family

vidar

C2

https://t.me/sc1phell

https://steamcommunity.com/profiles/76561199819539662
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Extracted

Family

lumma

C2

https://winnyhelplejsu.shop/api

Targets

    • Target

      Set-up.exe

    • Size

      121.0MB

    • MD5

      f282bc3dccb8840704f58325af8a5613

    • SHA1

      f69d85dab92455e90cde2d07bfeb94acc0bf8cb2

    • SHA256

      ebbd08e86147ae9a3f0d7dd36cf921494da9e10cdeb7442c54cee2076279f385

    • SHA512

      97110111373a721ca7ee1d0b9a75a947b15bf9740f54873e12e8c8e18f5b270345ce17645d440565cc175ac83577c29819f04afb380777fb469b7f7dba26220c

    • SSDEEP

      3145728:1RAwdx6CCJZV4kL64Hwrq08nS48FbRYVT0EXgGGBVs9+:Ey2L64hwbSS4NcVs9+

    Score
    10/10
    discoverylummavidarstealer

    • Detect Vidar Stealer

      stealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Vidar family

      vidar

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks