lumma | 80c4016577c11791f64e2d43e1dfad2b01adf7276100400a4421b48df6e6fbfe

Resubmissions

29/01/2025, 08:13

250129-j4gqwsznaq 3

29/01/2025, 08:08

250129-j11plazmem 3

29/01/2025, 08:01

250129-jwwvvavpfy 3

29/01/2025, 07:41

250129-jjhgpavla1 10

Sharing

Copy URL

Twitter E-mail

General

Target

Xeno-v1.1.0-x64.zip
Size

4.5MB
Sample

250129-jjhgpavla1
MD5

93357db14af91a53bcab556e80103c1c
SHA1

7643f56e7ceace571c7000b937275f747af659af
SHA256

80c4016577c11791f64e2d43e1dfad2b01adf7276100400a4421b48df6e6fbfe
SHA512

5a46cb9f2a3ce090eb44e57609dd12bff268d5df09666ec1fb71f7e9f9d170a58994c4a5a1eef3e23fd91e08f3b47b6d90954cb9477017a71f81c1e1e950f1e4
SSDEEP

98304:9ooNYRM5U7aEg/d2OWTjSQxc7p9KK2P9nHGyZEW3T7fI:9ooNYe5ebg/dVUjqOK21mGEYT7fI

Score

10^/10

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Targets

- Target
  
  Xeno-v1.1.0-x64.zip
- Size
  
  4.5MB
- MD5
  
  93357db14af91a53bcab556e80103c1c
- SHA1
  
  7643f56e7ceace571c7000b937275f747af659af
- SHA256
  
  80c4016577c11791f64e2d43e1dfad2b01adf7276100400a4421b48df6e6fbfe
- SHA512
  
  5a46cb9f2a3ce090eb44e57609dd12bff268d5df09666ec1fb71f7e9f9d170a58994c4a5a1eef3e23fd91e08f3b47b6d90954cb9477017a71f81c1e1e950f1e4
- SSDEEP
  
  98304:9ooNYRM5U7aEg/d2OWTjSQxc7p9KK2P9nHGyZEW3T7fI:9ooNYe5ebg/dVUjqOK21mGEYT7fI
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  Xeno-v1.1.0-x64/Install dependencies.bat
- Size
  
  1KB
- MD5
  
  eb4b04fbf3be04946d84a01ede5cbe9a
- SHA1
  
  c03837830a409c2ef177925bd3e4ec9544cc5031
- SHA256
  
  f545d644196419b41eadae3f0846888c396284cc148c780916c0d96a07f71b40
- SHA512
  
  42dae275458e8f23383285087cda5dad95bfee58bdb86dc1b6c07373296e35f99fd3c249fe022a5bbd3e9b0a465b6231922267fb330d6b5febeb7a731d320749
Score

1^/10
behavioral2
- Target
  
  Xeno-v1.1.0-x64/Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral3
- Target
  
  Xeno-v1.1.0-x64/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral4
- Target
  
  Xeno-v1.1.0-x64/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral5
- Target
  
  Xeno-v1.1.0-x64/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral6
- Target
  
  Xeno-v1.1.0-x64/Xeno.dll
- Size
  
  1.3MB
- MD5
  
  538ce914853d942471aca19f7344ee45
- SHA1
  
  d34ea715f5ac65a61f753119ec1534dd712a37e1
- SHA256
  
  887ea84d65f10821d48dcb3678dc8834338d1e2e13915f6b6b02971a2fb0bcf2
- SHA512
  
  f487a9c7cd301ecc51b8f5890e1aa223b9f4373aba3e75d71cba0e3bcbdf7032a365bd23e8ae19520bfa90962c6cd36410bb7f83f8f173b25f2ec1f87592cd03
- SSDEEP
  
  24576:1IdKiywcIFdxMJm2yOCvDLuMyw+wwZzNggeCaGtNm1pKy:1IdKiIgpvDKMz+9ZzNgKaK41z
Score

1^/10
behavioral7
- Target
  
  Xeno-v1.1.0-x64/Xeno.exe
- Size
  
  140KB
- MD5
  
  f0d6a8ef8299c5f15732a011d90b0be1
- SHA1
  
  5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf
- SHA256
  
  326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b
- SHA512
  
  5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27
- SSDEEP
  
  3072:2hK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfxDhBury:2hK4XycqgpfCup5sVxuZ04bhA
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral8
- Target
  
  Xeno-v1.1.0-x64/XenoUI.deps.json
- Size
  
  2KB
- MD5
  
  f264dff8b12b6341b6bb97f9cea46324
- SHA1
  
  f8f19c048eacb31fb11b88d2a14b02cb3b7dbd74
- SHA256
  
  16b09c4fa7b6b3b75ded9a5ea854ad0b1b88288969376c94de1546cd02a82905
- SHA512
  
  4c69f803f0c48cff3da3b862dcad62b5c29af197f83d52cbf176c91e16752f883aea5ccb264aec66c2af179e038b5cf98439561ce08ffd31fc8b385486c67b93
Score

3^/10
behavioral9
- Target
  
  Xeno-v1.1.0-x64/XenoUI.dll
- Size
  
  95KB
- MD5
  
  0c693fdf5031de28e139121866d4e71f
- SHA1
  
  d4e3f81ce0ac00efbc537b6aa4ebc07f039aaf9a
- SHA256
  
  3788b42e87c69c077868856b07c03e8606e0f49389c947231701100d99337e1c
- SHA512
  
  4298a579eea032e794ac4aaa2e18c793fbe0d3f33a2f8e948fde510427e604f06072b71703183c9ca88c73a805627187241f47845a9f16822243388ae5cb42af
- SSDEEP
  
  1536:gOTgjZ0JbSfMuafhOWR42zxMVY6dTPr/Wa5iiphLuM/APHV5y6SlSW8zXR:bT+WytdTPr/WAbK7Pby6S+zXR
Score

4^/10

discovery
behavioral10
- Target
  
  Xeno-v1.1.0-x64/XenoUI.exe
- Size
  
  140KB
- MD5
  
  f0d6a8ef8299c5f15732a011d90b0be1
- SHA1
  
  5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf
- SHA256
  
  326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b
- SHA512
  
  5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27
- SSDEEP
  
  3072:2hK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfxDhBury:2hK4XycqgpfCup5sVxuZ04bhA
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral11
- Target
  
  Xeno-v1.1.0-x64/XenoUI.pdb
- Size
  
  38KB
- MD5
  
  4a66dcb58bf6ba9f206f827ff97c7407
- SHA1
  
  922f6023fc4ba972392126dec7f194704b40ef2e
- SHA256
  
  37463a799a21a8df01f42e0db8dc7d545d5674913ef5c1cc8373fb85807c5abc
- SHA512
  
  9757e0659af322e270f2c687a24e9115a54a1a31fdf4fbc40f8e0ca6c7794e1e9ef62ea4cb6a4aa29f9efb5d92566f9975903c9e7494f8e1d3c94a69270384bd
- SSDEEP
  
  768:9TB9Zlxdt3jhZjgvohRe8C70jleXa6UTqDY4tgJftyY:9pdt3vpC70cXb7gJVL
Score

3^/10
behavioral12
- Target
  
  Xeno-v1.1.0-x64/XenoUI.runtimeconfig.json
- Size
  
  515B
- MD5
  
  e0f6f18f9b152bc2d8c710b0214805d6
- SHA1
  
  ae3d39e59fd6edc05792a76cdf4f02a637f52e29
- SHA256
  
  89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd
- SHA512
  
  80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e
Score

3^/10
behavioral13
- Target
  
  Xeno-v1.1.0-x64/autoexec/test.txt
- Size
  
  29B
- MD5
  
  649d2f9bbd50814244547e4e140a95e0
- SHA1
  
  c7d1725852f659487fd8b70fe7c2c32420732734
- SHA256
  
  2bc836b0f80c7100d8125e8c17235e62ffb93929103a64af004ee2eef1b03c92
- SHA512
  
  ba058df5f0573884ea2a6c481fa7157cc23959607b1493cc4304bc68358a473dff4bde96e43cd17e0bf82e1fdb01374f0a13719aeddd2127639259b70ce7edb8
Score

1^/10
behavioral14
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/index.html
- Size
  
  164KB
- MD5
  
  001dcbb8f41cdcbf9b4d1e3a0ed4b2d2
- SHA1
  
  982a05814546017c40771e59e7677b53d84787e9
- SHA256
  
  f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951
- SHA512
  
  9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa
- SSDEEP
  
  3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblM:64J09BA3pZaFD48VOAGUWYPjdlLJbRBS
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral15
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/base/worker/workerMain.js
- Size
  
  133KB
- MD5
  
  d0ac5294c58e523cddf25bc6d785fa48
- SHA1
  
  1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5
- SHA256
  
  e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b
- SHA512
  
  fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb
- SSDEEP
  
  3072:bzjH/zYJc5c/7tMLrJ78II4F9N8+em5W+:XjH/zYJc5c/76LrJ78I7BL
Score

3^/10

execution
behavioral16
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/basic-languages/lua/lua.js
- Size
  
  4KB
- MD5
  
  eebda1fdd970433750c115eae2f03865
- SHA1
  
  3f1a1cddb99dead013eac825eb418241656d4bf0
- SHA256
  
  ac729efb3164f48d6b08f74d4b15060c126a30d40fb4cd4fc9cc94f2e19bd7c7
- SHA512
  
  8b188f3ae73a14a9318dce9761312d9dd2360ab00ee36e83ca6b74288a109c91770954db7537fd84a76707a1e79528fffc97f3a718bcd924545b469a1363c9cb
- SSDEEP
  
  96:HDGAW6FJJJkCO8evcIWtdrvrg+1/sLMiWAOKjLobLMzD:BWCDqC20IWtZD92pzOKvomD
Score

3^/10

execution
behavioral17
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/editor/editor.main.css
- Size
  
  294KB
- MD5
  
  23c7db6e12f6454ef6e7fb98d17924d8
- SHA1
  
  06398b44a338db5eeab2d461347334fc69af5af1
- SHA256
  
  615824c59ed1e07f5924286e9f02f3120b9064d59e115d3f668a914e07839451
- SHA512
  
  5ed3103e4f6640ca71e103e7f3752aca3027d8c563084d519f9d6358018ccdfacd0c4c08b69e510f88effa2b56dce04241ee7f92f3db99d9077b49ed7271d924
- SSDEEP
  
  6144:TzsUTrsZ7KcNkuwcv2As0aMY/Y/RR9MtpWKco:TzsUTrsZXkW4/50i
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral18
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/editor/editor.main.js
- Size
  
  2.1MB
- MD5
  
  2dc0068cdbc03ce43a75ab0b2df664e2
- SHA1
  
  817a209e179466dc8a14e05eb11a6c1b7e3d71eb
- SHA256
  
  b604b6148f70fe9db882cce2a7d327b2422ad2f203a805491002a8c564e3c3ff
- SHA512
  
  1ce29ed21e027d3552dc05162250bd62d66555f7b9ff48c9c94116d1e696089c32851533e7db30a7507a85b598df8fbf66292904c446536ccd3b2c60209d9d3d
- SSDEEP
  
  24576:jFFExk98EXl2uRJxjP3Ddv6QLtQ2MbRpn:Yxk98EXl2ixjP3Ddv6QLtdMf
Score

3^/10

execution
behavioral19
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/editor/editor.main.nls.de.js
- Size
  
  46KB
- MD5
  
  d1fd2fb756c73970b9c5e0ba07bff708
- SHA1
  
  470057b3244886dccc9f6074297cc8bc2a9c1b39
- SHA256
  
  cb1c3416ff242a738c45c3b2590d7d222b159a95a69ce3b7b8d7c8d18ea70828
- SHA512
  
  db2432182ff4c85fcca5093d0e433ed9cf5bed3ea3db9ed82fedc87af4d260e0d0f29ff67f0b8ac78e162586a74998ad082a91e8f9a76717827a83d5b2f775cf
- SSDEEP
  
  768:ocuLC1xYdRB1a3Xq1GdigBoQqAaI/QQUEYPxFpXT1kF7bJZYmz7lehjDWMQRBk3Z:oclxgVuXq1GdiRQqAaI/QvEYPxFpDkbg
Score

3^/10

execution
behavioral20
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/editor/editor.main.nls.es.js
- Size
  
  46KB
- MD5
  
  36f546b28ca17ece9f8eb9bcf8344e13
- SHA1
  
  d43934b9041587799e332b2f568aa81666227258
- SHA256
  
  327437ee3793e9ae0686c78196b459592c282ed2e86f95ce28d32693b76d7654
- SHA512
  
  13f8cc23038c07b6840514db4fc7b503b7a38ae1ec3baab44f1bfbded40ac50ae03c05c754f9678eecd0c8fcefab958152b39b731068b8c2c976c4c57e97f36d
- SSDEEP
  
  768:oX8nKFyVgAYwTQG8zHqIkGMvnmvoKA9OfxjB3EVuU13pjbazPn0ANy7+IkLDKPp9:oMKFyVRcdzHqIkGMvnmvoKA9OfxjB3E5
Score

3^/10

execution
behavioral21
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/editor/editor.main.nls.fr.js
- Size
  
  49KB
- MD5
  
  1a29080733878dd44e0c118e84cd0c39
- SHA1
  
  60c158e23962b11918f6cae26445fad5b63bc65a
- SHA256
  
  6ed837dc1905c06a20d102921ff06a0bda003c5368ed0576bf7e69494e889ae8
- SHA512
  
  5cc68cabb583100320d7c875fd7c46f5c618c3968ac2a7c2b60f90ec74b29349a557049c17d5c851cabb54d5ef26cd65e8d2288d70b62ede06ee1762e25dbd60
- SSDEEP
  
  768:op8flgb2uZ5CcXQ6Q3edz3uzATaY3l0y+wj90TWIvkU5BkREPTtOjNjZocYV3A4k:owliv5Ccg67SATaYVKPkRskjNGBAa3k
Score

3^/10

execution
behavioral22
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/editor/editor.main.nls.it.js
- Size
  
  48KB
- MD5
  
  18e88f58301ad5ae926204507ab99c6b
- SHA1
  
  8eb03235312e88b941f3be212c0efa12b24e6d5f
- SHA256
  
  4fe2c4420294758883e134bdf7da9e6c2abf631d3a89c765f32f6c1d0f62653c
- SHA512
  
  f66283ec4182e9062f9f03a83acb3f2a49b98fb9ef67e48eaf5227236919ca279831b822fcb3ae252cfeafd81d12fe9c89a2843d91ab140a2b79b6bbc1d4f013
- SSDEEP
  
  768:opTEy7izsuMa01VaiYR2L8XoXNj8YtvnYbP4ymMb3d/gyKJdnPTrysribj5K3m05:of7fQ2qd4yq2FA1J1qn4VN7CgL
Score

3^/10

execution
behavioral23
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/editor/editor.main.nls.ja.js
- Size
  
  52KB
- MD5
  
  3bf851cc70f515cbbe1d39da93e4f041
- SHA1
  
  88fe6323bbe14b55b6eec078574318e8474be613
- SHA256
  
  1f3556ea7233843b9e08b3c97b6727c533d702563e195c2090a438070dc85f0f
- SHA512
  
  61ffe9ec3550d2f8dfbc30d7d61327584833bb714a9d2cfc9788449190089dbdeaa293bb9921a43da782e1c36b7d242e13ac052b46210d2e79793626e921169d
- SSDEEP
  
  384:hyd/PwPtm+04LZ+FFHr0ZA9qOSTvvIEveG1vz14NdahWMpA1Uj4vHbX3IPDScLBV:olP4LsIOCaT3lJr/Tvk6892vU1ssD
Score

3^/10

execution
behavioral24
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/editor/editor.main.nls.js
- Size
  
  38KB
- MD5
  
  e871d4d9539c26d7d2bf32801ebdecf0
- SHA1
  
  711460f619ef09fa23d272d97bfc00593a5319a8
- SHA256
  
  5ff0084e6a7eee82a735616239aaf2190ea9d90e89e19340831f3d590828016a
- SHA512
  
  b6b9bf96c132db9dfc99d70320231630fc46a8a83f500d8e4f677e2d03206364f2666946f69061dcba2e759f005261dae1ece73e054aa56b8210551bc353cced
- SSDEEP
  
  384:hy38McmvQkKEQq4xlX7lrp1E1bIJUeYB4jV87XfVGT3H6Sq6Q4wCJjoce1u6I7JS:o38M7fQq4xPj7+lJcYYKqkGSVetbesy
Score

3^/10

execution
behavioral25
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/editor/editor.main.nls.ko.js
- Size
  
  46KB
- MD5
  
  60fcd422ac97a1b645ff48cb6928f7af
- SHA1
  
  da5b57dfbd257720155e303f0e75e263f0e74190
- SHA256
  
  98e649fa40d8e2ccfdc212341feb8165a7d7bbec31e8a77d9819ad9474e4b8ba
- SHA512
  
  52439f47f1e12ccf37db40f9fa8fa4966579cd6b327cde1768187cd7fdc7ebdd444e1953e29ed09bdced40d764c2e8f7131d44908c00bfd350e856a9df661aa4
- SSDEEP
  
  768:oNOnmkUxK1pLkKgljQM1r0xXDj8kE6q2XlGZrAPPvzcDzr5u1QrWp4cX6go:o4ZUxKgKzxzrE63GZrAPPkrmQKp4cX6L
Score

3^/10

execution
behavioral26
- Target
  
  Xeno-v1.1.0-x64/bin/Monaco/vs/editor/editor.main.nls.ru.js
- Size
  
  75KB
- MD5
  
  6e7d5b984917b00f131c47473ce2b866
- SHA1
  
  97f94134ff8f73ab48c0635550f2d8054c239c7f
- SHA256
  
  1bb069d95a395bf258d1f262814591aa762c4b30529adde32ccbcaa7c7ca508d
- SHA512
  
  f2595e7e1812073c50bfa058db3c7918dd8d7a6f0d20a576c68d854a4c61ed74bef3ad5ab23430567065677d737d81c7f17010055a069b9e38b5594d65e882a0
- SSDEEP
  
  1536:ox/PFmMhjpIMbBBKOXnPCSHhiaV6can9oA2yG+YQI/Y:QbhjpIcB8OXdHhiXcanGA2yGiI/Y
Score

3^/10

execution
behavioral27
- Target
  
  Xeno-v1.1.0-x64/bin/Tabs/1d0dee03-e6ef-445a-998d-88b62abc9d7c
- Size
  
  504B
- MD5
  
  db476949b78eccf146010ec7cd06fd74
- SHA1
  
  bbe5d80371036686803b3295d777529a159e2e8d
- SHA256
  
  079dcc9a59733d754b9e2968ce9d28d39b8494f4023540a0ec7c727045f5eb8b
- SHA512
  
  a3cb44592b12006c6fe817f45b870d25271874b566a65cc69b3b0bdb54f9fd0c5efb76cde47867d70259d8e6983cd6258b97a82d15c717b4dad1c932116ddc2f
Score

1^/10
behavioral28
- Target
  
  Xeno-v1.1.0-x64/bin/Tabs/config.json
- Size
  
  79B
- MD5
  
  60071e8a5a726d83a8ea90c02952e1b5
- SHA1
  
  58da755543a5ed12a9ec16aa053b064ff604a637
- SHA256
  
  6fd4e99e3fc726324dfa1ae1af4d74ff60d65cac08051feb1d5f327a000e0325
- SHA512
  
  919464f77ad756ab6b2e01c6db278317876e67869eeca9d084a0b243e79ad4dd94dfc1420602e7da1fe7a93a3f927dcd4d9fa4d67ce35f72f6c3e8418c6d058d
Score

3^/10
behavioral29
- Target
  
  Xeno-v1.1.0-x64/bin/settings.json
- Size
  
  160B
- MD5
  
  a64b02c0f0cb0b32089d30f70895a569
- SHA1
  
  8e602efa81ad229051a980290895a476e68f71df
- SHA256
  
  40a5de67445ebb897c8f895f4c8e515964ba06cde4080847642749490bde0581
- SHA512
  
  5506899b6442ebe3a8af9a4fb9a452adbd0075c99ac803336bd7bc3e8c2d4d5641ff9d6aba27340e1fff1c2fffbd4d16abaa6ffec5a8baff32c834acb9cc03fe
Score

3^/10
behavioral30
- Target
  
  Xeno-v1.1.0-x64/scripts/Sine Wave.lua
- Size
  
  1KB
- MD5
  
  0bbb2aebfadc119226992045dcaa30b4
- SHA1
  
  6939f7c1f4fa7ac0f81e9dabef32fdb24d120e72
- SHA256
  
  a5f5aca3ac216ac9040d0425eb52b1465674d8cd79d928474562d9a644ff4f0b
- SHA512
  
  b433ad6f5d365c58e2260588fae7a3cbecbfe734daff125ce18b6673c629c1b6bccd6142ea49c2c77d57dbe9ab2d02b2897fd2d7c592d524952a62348715bbf8
Score

3^/10
behavioral31
- Target
  
  Xeno-v1.1.0-x64/scripts/Spinning Donut.lua
- Size
  
  1KB
- MD5
  
  967403f0ecb43917e841a085851b732d
- SHA1
  
  b09f3bef3e9fe87970b48db46529c611c302db16
- SHA256
  
  cb1a35b6ae394e479b97aa1f946ca21b8794dd0d60b08b85bf89fa5b35a4d8da
- SHA512
  
  34e83a25f330243faf86b62923a873a9104fa62f756a66074905f7980475581eded0a92cd88b6beba9b6424fb7f2a9cd743627871f80d51ff36c39f28ccb29b3
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Executes dropped EXE

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Legitimate hosting services abused for malware hosting/C2

Legitimate hosting services abused for malware hosting/C2

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32