Analysis
max time kernel: 103s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20250314-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/04/2025, 23:54
Static task: static1
General
Target: 2025-04-12_06407c80d5bd4be7824be494529fff53_black-basta_elex_hijackloader_icedid_luca-stealer.exe
Size: 14.7MB
MD5: 06407c80d5bd4be7824be494529fff53
SHA1: b499df375f84422222add9495d157309c3b39f06
SHA256: a350c2d5be446df3d9c3dc8a25dff24b9246d6a7fc95d84451436620df3cec08
SHA512: 9b16938034c1aca7380512cf0bbe804e438f5a6dca658e699bb8c6be80dc4fc01c970a889cc1401c8836dc2974e1b4fe600b3c918a54b05be889badda1ccc2e7
SSDEEP: 393216:YwtzFGGq9Y+nDRjzcW3xV0IwAEmnPRpFC:YOzFGGKZp13xVwmPXo
Malware Config
Extracted: lumma
Signatures
- Lumma family
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2025-04-12_06407c80d5bd4be7824be494529fff53_black-basta_elex_hijackloader_icedid_luca-stealer.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
2752 | 2025-04-12_06407c80d5bd4be7824be494529fff53_black-basta_elex_hijackloader_icedid_luca-stealer.exe
2752 | 2025-04-12_06407c80d5bd4be7824be494529fff53_black-basta_elex_hijackloader_icedid_luca-stealer.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2025-04-12_06407c80d5bd4be7824be494529fff53_black-basta_elex_hijackloader_icedid_luca-stealer.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\2025-04-12_06407c80d5bd4be7824be494529fff53_black-basta_elex_hijackloader_icedid_luca-stealer.exe"
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID: 2752