General

  • Target: SoftV10.16.zip
  • Size: 54.7MB
  • Sample: 250410-t88ehsxvav
  • MD5: 2b4fbe0df60ebec2ff0954762b4a5fde
  • SHA1: ddc6ec51c8681eaa65edeb259ce4eede6272cab7
  • SHA256: 573adec2017ad15a98161a9aa7c9d80e526af74bb87c73616512c8f3a98966c4
  • SHA512: 5fd7033af6b9306d7d632047a5558f71a22a1acab2ea0a4dae498550cf60b8ca5a8b7dc8067033c58541a7d95492031aba2875824b375ce98ade110a6e41a07d
  • SSDEEP: 1572864:TlYTTJC5XR597XxJR578+tVAJsch4UrwHA4Kx:TliJC5XR597hZ78+EJseUzKx

Malware Config

Extracted

Family

lumma

C2

Targets

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v16