Resubmissions

  • 16/04/2025, 19:57

    250416-yph3qsvtgy 10

  • 16/04/2025, 19:49

    250416-yjxzpsvtdw 10

  • 16/04/2025, 19:49

    250416-yjspzsvtdt 10

  • 18/01/2025, 00:00

    250118-aaawtaxjgz 10

General

  • Target

    1737154984__«FîleReady▬PassWord▬Is☼◄172303►».zip

  • Size

    407KB

  • Sample

    250416-yjxzpsvtdw

  • MD5

    ced26414ca3f2e9d6e330d76f9183f62

  • SHA1

    f640e5339538a581d87c70b5046f109130c107d9

  • SHA256

    75026653cd9be402306f50674ed7f8abead6d29517b76cda4a30ff1328798f3b

  • SHA512

    be7e1e3f3ce3a1b8316fcafd1afb02155df31a7e38fd439d3c9c2c79b20f07ae94c7953ba363e94eef1c39bd46198c0d826f9632f4e5bae962450a5a052ec0a8

  • SSDEEP

    6144:FW1lD8lJNW/1ny1qK2DpyKs2MVUGE1tg+El92nLKq4BDr6iJW/GsF02gjOtW5Ap1:krCoNhgKs2MWgJl9xKiJW+A02yV6a+

Malware Config

Extracted

  • Family

    lumma

  • C2

    https://futfilcreat.cyou/api

Targets

    • Target

      1737154984__«FîleReady▬PassWord▬Is☼◄172303►».zip

    • Size

      407KB

    • MD5

      ced26414ca3f2e9d6e330d76f9183f62

    • SHA1

      f640e5339538a581d87c70b5046f109130c107d9

    • SHA256

      75026653cd9be402306f50674ed7f8abead6d29517b76cda4a30ff1328798f3b

    • SHA512

      be7e1e3f3ce3a1b8316fcafd1afb02155df31a7e38fd439d3c9c2c79b20f07ae94c7953ba363e94eef1c39bd46198c0d826f9632f4e5bae962450a5a052ec0a8

    • SSDEEP

      6144:FW1lD8lJNW/1ny1qK2DpyKs2MVUGE1tg+El92nLKq4BDr6iJW/GsF02gjOtW5Ap1:krCoNhgKs2MWgJl9xKiJW+A02yV6a+

    • Score

      1/10

    • Target

      «FîleReady▬PassWord▬Is☼◄172303►».7z

    • Size

      407KB

    • MD5

      8f546fd8bc2b52410b1664cc4353f96e

    • SHA1

      074a7013eb459c4a60f079ccb53dc0a6fd3da916

    • SHA256

      70242bb3e670a4ead187ffe778b034eb96dc862188157715247a213ed3e73aa5

    • SHA512

      f937ce99517d6acb08f4605d761adf3d5b18196d8f87423bcd879df5d3b67d04758ca1a63fbfb3e1963732de1f0a76648e497f6d9d846fd896aadc2ceb8e8d2a

    • SSDEEP

      6144:qW1lD8lJNW/1ny1qK2DpyKs2MVUGE1tg+El92nLKq4BDr6iJW/GsF02gjOtW5ApN:VrCoNhgKs2MWgJl9xKiJW+A02yV6au

    • Score

      1/10

    • Target

      Set-up.exe

    • Size

      1.6MB

    • MD5

      ff33d1aafaa5e7500d300224ee43283c

    • SHA1

      e2cd7ecdb1365ef11324e34398e0d1e301622e77

    • SHA256

      5c5d7028d222396fb174c5140a303a0f84e157b9dcf7b8a36078bb354cd2694f

    • SHA512

      f12624c225598b443e07157e166ca4ee8fbc4cb1748f4d077305b7c5c9cc5e9c3545c05ebefcc1cffafad4fed32393af10fa19dce45d360c556f3ea95a54366f

    • SSDEEP

      12288:qaoZa6HOfmrc414HSQgT/J0Hu+5pIvrjpk0xf3Frb+nKuhCFDmBcos+:bgB4HPgTB035pIvrjbxf3Fv6hkDBos+

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Zloader family

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v16

Tasks