General

  • Target: ModMenu.exe1.exe

  • Size: 762KB

  • Sample: 250313-p1d4gswjt3

  • MD5: a2f90072225a24e54afd50bb7e6d9b22

  • SHA1: 5e98f0335ae6dce3fe2702202e9fe2f5983fa776

  • SHA256: edb5eafb528ee827210fa70e02a614a3332d9ffbb991f5d7b748e85972b44e40

  • SHA512: 7dfa1991c0de1728ca8e45dbdc89c98d3211aab4a9c11e148be937e2e7335aaa2fc305fc58ed173a1ed8849fa8d4626016d9d325c7c47e14a5deecb3e194ec29

  • SSDEEP: 12288:EIJQ/s2kiatVPnIpbWiJ621POPAANU/4ab9eItZgZ295Fy52RI8uyB1lKpJ:VBnIpnJhdQAANeJIty5c5Q53zuJ

Malware Config

Extracted

  • Family: lumma

  • C2


Targets

    • Lumma Stealer, LummaC: Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Reads user/profile data of local email clients: Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks