Overview

overview

10

Static

static

3

Config.exe

windows7-x64

10

Config.exe

windows10-2004-x64

10

$TEMP/Basis.rtf

windows7-x64

3

$TEMP/Basis.rtf

windows10-2004-x64

1

$TEMP/Degrees.rtf

windows7-x64

3

$TEMP/Degrees.rtf

windows10-2004-x64

1

$TEMP/Ensures.rtf

windows7-x64

3

$TEMP/Ensures.rtf

windows10-2004-x64

1

$TEMP/Loving.rtf

windows7-x64

4

$TEMP/Loving.rtf

windows10-2004-x64

1

$TEMP/Pine.rtf

windows7-x64

3

$TEMP/Pine.rtf

windows10-2004-x64

1

$TEMP/Pm.rtf

windows7-x64

3

$TEMP/Pm.rtf

windows10-2004-x64

1

$TEMP/Tenant.rtf

windows7-x64

3

$TEMP/Tenant.rtf

windows10-2004-x64

1

$TEMP/Trunk.rtf

windows7-x64

3

$TEMP/Trunk.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Config.exe

  • Size

    1.0MB

  • Sample

    250301-l9ws4sx1bw

  • MD5

    de04368755c40b2d0b00fbb894b3d58f

  • SHA1

    ccac583d7ae83aaef3baed808d4c7a832eaf55f1

  • SHA256

    ffc3ab51f9afc6124b648903a43847d36138f9f4582e426bf2c11025ec918fe2

  • SHA512

    0f09e87152206cf0efbae4947e806df2aa1307127504729470f5e39d99aec10333505496a37f35dcea3841b54134bb74568f274d340e4ddd3e4773411afeaabd

  • SSDEEP

    24576:aw5Xa/r+mWglhh5+4YHUar9YQ/w6lxFU+P17mg+2h:rgpzncUar9YQ/ntjPR+2h

Score
10/10
lummadiscoveryspywarestealer

Malware Config

Extracted

Family

lumma

C2

https://interfensuffer.fun/api

Targets

    • Target

      Config.exe

    • Size

      1.0MB

    • MD5

      de04368755c40b2d0b00fbb894b3d58f

    • SHA1

      ccac583d7ae83aaef3baed808d4c7a832eaf55f1

    • SHA256

      ffc3ab51f9afc6124b648903a43847d36138f9f4582e426bf2c11025ec918fe2

    • SHA512

      0f09e87152206cf0efbae4947e806df2aa1307127504729470f5e39d99aec10333505496a37f35dcea3841b54134bb74568f274d340e4ddd3e4773411afeaabd

    • SSDEEP

      24576:aw5Xa/r+mWglhh5+4YHUar9YQ/w6lxFU+P17mg+2h:rgpzncUar9YQ/ntjPR+2h

    Score
    10/10
    lummadiscoveryspywarestealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

    • Target

      $TEMP/Basis.rtf

    • Size

      57KB

    • MD5

      d74a45b720551a3494d3b13e0799fba6

    • SHA1

      41103073cefe03d011dcaeb73159fe8f1aa74497

    • SHA256

      414b3af4686e667756505879e174aecae70cefc6bc9ea5acd5de81913490549c

    • SHA512

      1a1f3d9573665663815c5906ebda2914ba5a4d2df89170ef8509fa67a9240f7c328edd546c5058f4ae51074a15a54abd2382a042cf1d4e837bd3a3aa390a9418

    • SSDEEP

      768:KcCbjGL32+v9Nr5dB9wjyf8dwAcL6BAAT8ErN5yE+rmZqr+/Y01EgFrdc:iC72+NFdgRd1BAWyj611Eardc

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $TEMP/Degrees.rtf

    • Size

      93KB

    • MD5

      6561624cff78c6810b00a9aafebf28c2

    • SHA1

      9d63e271f4b519674e78610ef9a6115778c4d575

    • SHA256

      22698ab3f26072e2bd1cafe34943206a3783f31196a1b78c6ec7bb5bc395304a

    • SHA512

      4507782ec7d4ff552d91857e3a8f11d4ccefb0045f3ff61f622eef144f96a6de9640fe4d964c06d4064aef13b06e3873a47f6da24d9cf086aa4630186d313474

    • SSDEEP

      1536:mGH6D5i+bjsXP1/jc5FMJAiSoMiurAWJi7xjFVdajqJjiavjbhA9WyzTfxqWdxh3:d6d/3S/jcLEAsRawxjPwwjbZqJLd7+LG

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $TEMP/Ensures.rtf

    • Size

      68KB

    • MD5

      5f4004fa5155667b221371094fa2136d

    • SHA1

      78d7ce80d80f76754a3db416115583fb79a69aae

    • SHA256

      a66399852b38d5f2d2b122be7ca887a47095d88710c67cea72d44dbb98d1bc06

    • SHA512

      8c869add5d3078e83bad23c2a0377795799479bca80f44cb10b1cfcea5cb828abf267c1c9e0f73524c008cc49d6894260d77c82c98b55672789e31a38e6ed01e

    • SSDEEP

      1536:BYG/Rdl8h+e0hDY/ZqovQuhEPKthV6Ix1jLOMeLn:/9i+etsua2VPi

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $TEMP/Loving.rtf

    • Size

      27KB

    • MD5

      71f22b73d66adf2370bdf3f9ab941086

    • SHA1

      c7cc8938570b412a89243b588ac7cf70b947c9b4

    • SHA256

      ac214767bc378d05afeb52bfd90da5e544cbe6cbc819ecbe346c10b79e2f3ca2

    • SHA512

      caf1adce4ed75278a66b80e4407cb30844295397bca5cdadd40d6c9f31e0e4049b330e977b4768eb4fcd83ce298fe4b521d3196e8e9e3bb8b05e41ae67733717

    • SSDEEP

      768:tPFOmX30+d2EOkzwM0VbPDQTvkgyOWJg67:tPf30+WJQTC/7

    Score
    4/10
    discovery
    behavioral10behavioral9

    • Target

      $TEMP/Pine.rtf

    • Size

      59KB

    • MD5

      d988d3d5b6aef79f5170d002140b14ca

    • SHA1

      d23dce86fc2d1eb8736897a560962392694b7ff8

    • SHA256

      37009d6a9bec08c3bfb57f5ea9761bb9a0f92e388a0c77ac3c97f4e87ee13317

    • SHA512

      7311490fe785b5db37dc9c93926fa6aa60ae7e4d17cba15d04e574a0f5b39d675bd6e69b0ec673aef50428d62855c5271e98242dcc945e9ff1c44e4006f0ce26

    • SSDEEP

      1536:X8E2Cn0xjoo0Q2HcVmit+EEya1qwBqZxPMhqSVZ/:X8BMoooTCcFsERa1qwBi4NZ/

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      $TEMP/Pm.rtf

    • Size

      57KB

    • MD5

      2590a31070f2d70a51d198562f9635a5

    • SHA1

      2e90be5efe42c69024729627a3ef4c280002e212

    • SHA256

      6cbe0ff763d3179032b0d5d43ddf7ab1c96c7d8b8008e81e933b60e315090801

    • SHA512

      dba8dfa1075e94774d53f0547e2f9256339d8d9419d7d9dbedd379cf4e16e7510143b943878825ee7e99a44c9032fc46cc96aef36fad9a01bd079325ad9d89ab

    • SSDEEP

      768:0YXeNr1xJrcFaC1yD0T9n1ABkrgnmAkaT2anXZrvkaUjG0Fm/n3Nr3HXMzTeogpM:FXWr1/DD0p1lomAcanFvzVSm/nd6IpCb

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      $TEMP/Tenant.rtf

    • Size

      90KB

    • MD5

      5c650ef9c8033105060a70c756499920

    • SHA1

      adb89629a379bb0bdabe74beacbf74f92098c144

    • SHA256

      4aaf15cad97cec38b0a31a21c4e3258e2db5e542a1b5576736ece2bdec1ae1df

    • SHA512

      25b25f6de5894af17abd93587a9c7ddb01e7c968de6361b1cfa60fa3595fe2e41d5ad9f887828c396069842236aafd1ed9b802f3f5d2efc5184062e11348be74

    • SSDEEP

      1536:vLmGlFeVTG9Gkt02ghx8DjPQtxLWqQCyBd9wbRg7FpszlglIqGHzUxPUiG+JpB:ZbeM9GkC2ghxykbJyszzuNUiGgB

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      $TEMP/Trunk.rtf

    • Size

      67KB

    • MD5

      7ca091933be9f5792311b6cfb43bdd49

    • SHA1

      28711213052fd189afc6ba33706bdfd5de8b6ec1

    • SHA256

      862e1473190aeb5cced11243f00496bdef78e72e7b38e7bba191f8335e19c524

    • SHA512

      6b913436a6a2a14b08f06b60c0d35d9b14d57659c663692870ed8843225af2b686fb32733a49e1fd9b27cf7dd5bb8cb54ec0d199135c274bec16dbd9952d1062

    • SSDEEP

      1536:Mt3QuG4X1Y0cqKnkbKJ4NWXB0ZV+dJXa8KALP1kQ/uBUvqbp:MRQ4X7KkbKqY0ZEd8we/BgQ

    Score
    3/10
    discovery
    behavioral17behavioral18

MITRE ATT&CK Enterprise v15

Tasks