General

  • Target: Aesthetic.exe
  • Size: 1.1MB
  • Sample: 250630-y2vbjavlx8
  • MD5: ab66fb12b1e23a66286df73f7e48025a
  • SHA1: fa33c863134194710bc649e2560c44b7b182f1a2
  • SHA256: 82b280cdcdfa131886a2606cc70d7358bfd4b220f6f39b71b70cd445f602aba4
  • SHA512: dae4afebaf457b5dc21b4d8f1b37bcc915e7fec704f344daaed1f94cc6a5ba8d696f2ea7c97f6336acde7e8be693d58735b51dc9af05d847814b89a56d23b516
  • SSDEEP: 24576:D0aikHpcD68ri0/osKyC+Bzcj5ihXFTqjO3AmvX8U4Y6u27fDemKI:DrHpcDk3P+1Wk9qja3vX8U44EymJ

Malware Config

Extracted

  • Family: lumma
  • C2:
    • https://sqgzl.xyz/taoa
    • https://pacwpw.xyz/qwpr
    • https://comkxjs.xyz/taox
    • https://unurew.xyz/anhd
    • https://trsuv.xyz/gait
    • https://cexpxg.xyz/airq
    • https://urarfx.xyz/twox
    • https://liaxn.xyz/nbzh
  • Attributes:
    • build_id: 5ea368b60a4a6b35a206d93be7a6de3b7adf1aac6435f0d5d4

Targets

    • Target: Aesthetic.exe (size and hashes as listed under General above)

    • Lumma Stealer, LummaC
      Lumma (also LummaC) is an infostealer written in C++, first seen in August 2022.
    • Lumma family
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Reads user/profile data of local email clients
      Email clients store some user data on disk, where infostealers often target it.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v16