Overview

overview

10

Static

static

1

1737154984...».zip

windows11-21h2-x64

10

Resubmissions

16/04/2025, 19:57

250416-yph3qsvtgy 10

16/04/2025, 19:49

250416-yjxzpsvtdw 10

16/04/2025, 19:49

250416-yjspzsvtdt 10

18/01/2025, 00:00

250118-aaawtaxjgz 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1737154984__«FîleReady▬PassWord▬Is☼◄172303►».zip

  • Size

    407KB

  • Sample

    250416-yph3qsvtgy

  • MD5

    ced26414ca3f2e9d6e330d76f9183f62

  • SHA1

    f640e5339538a581d87c70b5046f109130c107d9

  • SHA256

    75026653cd9be402306f50674ed7f8abead6d29517b76cda4a30ff1328798f3b

  • SHA512

    be7e1e3f3ce3a1b8316fcafd1afb02155df31a7e38fd439d3c9c2c79b20f07ae94c7953ba363e94eef1c39bd46198c0d826f9632f4e5bae962450a5a052ec0a8

  • SSDEEP

    6144:FW1lD8lJNW/1ny1qK2DpyKs2MVUGE1tg+El92nLKq4BDr6iJW/GsF02gjOtW5Ap1:krCoNhgKs2MWgJl9xKiJW+A02yV6a+

Score
10/10
lummadiscoveryexecutionpersistencespywarestealer

Malware Config

Extracted

Family

lumma

C2

https://clarmodq.top/qoxo

https://jawdedmirror.run/ewqd

https://changeaie.top/geps

https://frlonfgshadow.live/xawi

https://liftally.top/xasj

https://nighetwhisper.top/lekd

https://salaccgfa.top/gsooz

https://zestmodp.top/zeda

https://owlflright.digital/qopy

https://darjkafsg.digital/aoiz

https://lonfgshadow.live/xawi

https://fjliftally.top/xasj

Targets

    • Target

      1737154984__«FîleReady▬PassWord▬Is☼◄172303►».zip

    • Size

      407KB

    • MD5

      ced26414ca3f2e9d6e330d76f9183f62

    • SHA1

      f640e5339538a581d87c70b5046f109130c107d9

    • SHA256

      75026653cd9be402306f50674ed7f8abead6d29517b76cda4a30ff1328798f3b

    • SHA512

      be7e1e3f3ce3a1b8316fcafd1afb02155df31a7e38fd439d3c9c2c79b20f07ae94c7953ba363e94eef1c39bd46198c0d826f9632f4e5bae962450a5a052ec0a8

    • SSDEEP

      6144:FW1lD8lJNW/1ny1qK2DpyKs2MVUGE1tg+El92nLKq4BDr6iJW/GsF02gjOtW5Ap1:krCoNhgKs2MWgJl9xKiJW+A02yV6a+

    Score
    10/10
    lummadiscoveryexecutionpersistencespywarestealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

JavaScript

1
T1059.007

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

2
T1120

Query Registry

5
T1012

Remote System Discovery

1
T1018

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks