General
Target: Aesthetic.exe
Size: 1.1MB
Sample: 250630-y2vbjavlx8
MD5: ab66fb12b1e23a66286df73f7e48025a
SHA1: fa33c863134194710bc649e2560c44b7b182f1a2
SHA256: 82b280cdcdfa131886a2606cc70d7358bfd4b220f6f39b71b70cd445f602aba4
SHA512: dae4afebaf457b5dc21b4d8f1b37bcc915e7fec704f344daaed1f94cc6a5ba8d696f2ea7c97f6336acde7e8be693d58735b51dc9af05d847814b89a56d23b516
SSDEEP: 24576:D0aikHpcD68ri0/osKyC+Bzcj5ihXFTqjO3AmvX8U4Y6u27fDemKI:DrHpcDk3P+1Wk9qja3vX8U44EymJ
Static task: static1
Behavioral task: behavioral1
Sample: Aesthetic.exe
Resource: win10v2004-20250619-en
Malware Config
Extracted family: lumma
C2 URLs:
https://sqgzl.xyz/taoa
https://pacwpw.xyz/qwpr
https://comkxjs.xyz/taox
https://unurew.xyz/anhd
https://trsuv.xyz/gait
https://cexpxg.xyz/airq
https://urarfx.xyz/twox
https://liaxn.xyz/nbzh
build_id: 5ea368b60a4a6b35a206d93be7a6de3b7adf1aac6435f0d5d4
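The extracted configuration above is the part of this report a responder can act on immediately. The following Python is an added example, not part of the sandbox report or of any Lumma tooling: it parses the flattened config block into the C2 URL list and build_id, derives the hostnames, defangs them for sharing, and matches them against a few constructed DNS log lines, including a subdomain that should match and a look-alike that must not. The log lines and their format are constructed for the example.

```python
"""Turn the extracted Lumma configuration into usable indicators.

Added example, not part of the sandbox report. The config text below is a
verbatim copy of the report's "Extracted / lumma" block; the DNS log lines
are constructed.
"""
import re
from urllib.parse import urlsplit

# Verbatim copy of the report's extracted configuration (flattened layout).
REPORT_CONFIG = """
lumma
https://sqgzl.xyz/taoa
https://pacwpw.xyz/qwpr
https://comkxjs.xyz/taox
https://unurew.xyz/anhd
https://trsuv.xyz/gait
https://cexpxg.xyz/airq
https://urarfx.xyz/twox
https://liaxn.xyz/nbzh
build_id
5ea368b60a4a6b35a206d93be7a6de3b7adf1aac6435f0d5d4
"""


def parse_config(text):
    """Return (family, urls, build_id) from the flattened config block."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    family = lines[0]
    urls = [l for l in lines if re.match(r"^https?://", l)]
    build_id = None
    for i, l in enumerate(lines):
        # The report prints the key on one line and the value on the next.
        if l == "build_id" and i + 1 < len(lines):
            build_id = lines[i + 1]
    return family, urls, build_id


def hostnames(urls):
    """Distinct, lower-cased hostnames from the C2 URL list."""
    return sorted({urlsplit(u).hostname.lower() for u in urls})


def defang(url):
    """Defang for sharing: http(s) -> hxxp(s), dots in the host -> [.]."""
    parts = urlsplit(url)
    host = parts.hostname.replace(".", "[.]")
    scheme = parts.scheme.replace("http", "hxxp")
    return f"{scheme}://{host}{parts.path}"


def match_dns(log_lines, hosts):
    """Return (line, host) pairs for queries to a C2 host or a subdomain of one.

    Matching is on label boundaries, so 'notsqgzl.xyz' does not match 'sqgzl.xyz'.
    """
    hits = []
    for line in log_lines:
        m = re.search(r"query:\s*([A-Za-z0-9.-]+)", line)
        if not m:
            continue
        qname = m.group(1).lower().rstrip(".")
        for h in hosts:
            if qname == h or qname.endswith("." + h):
                hits.append((line, h))
                break
    return hits


# Constructed DNS resolver log lines (assumed format, not from the report).
SAMPLE_DNS_LOG = [
    "2025-06-30T10:01:02Z client 10.0.0.15 query: www.microsoft.com A",
    "2025-06-30T10:01:05Z client 10.0.0.15 query: sqgzl.xyz A",
    "2025-06-30T10:01:07Z client 10.0.0.15 query: cdn.trsuv.xyz. A",
    "2025-06-30T10:01:09Z client 10.0.0.22 query: notsqgzl.xyz A",
]

if __name__ == "__main__":
    family, urls, build_id = parse_config(REPORT_CONFIG)
    print(family, build_id)
    for u in urls:
        print(defang(u))
    for line, host in match_dns(SAMPLE_DNS_LOG, hostnames(urls)):
        print("HIT", host, "<-", line)
```

Blocking at the hostname level rather than the full URL is deliberate: Lumma panels rotate the path component, and the sandbox only observed one path per host.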
Targets
Target: Aesthetic.exe (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Lumma family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Accesses cryptocurrency files/wallets: possible credential harvesting.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
Enumerates processes with tasklist
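The behavioural signatures above record what the sample did in the sandbox, not how to detect it on an endpoint. The following Python is an added example, not from the report, that turns them into a simple per-process scoring rule over constructed, Sysmon-like events. The report names only the behaviours, so the concrete registry paths (Control Panel\International\Geo\Nation for the country-code lookup, the CurrentVersion\Uninstall key for software enumeration), the wallet file paths and the event shape are all assumptions made for the example.

```python
"""Score processes against the sandbox report's behavioural signatures.

Added example, not part of the sandbox report. Events are constructed in a
simplified Sysmon-like shape; the registry and wallet paths are assumptions,
since the report names only the behaviour, not the exact keys or files.
"""
import re
from collections import defaultdict

# Assumed registry locations behind "checks computer location settings" and
# "checks installed software on the system".
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Assumed wallet locations behind "accesses cryptocurrency files/wallets".
WALLET_PATH_RE = re.compile(
    r"\\(Exodus|Electrum|Ethereum\\keystore|wallet\.dat)", re.I)

# Weights: a single reconnaissance signal is weak on its own; wallet access is not.
SIGNATURES = {
    "geofence_check": 1,
    "software_enum": 1,
    "tasklist_enum": 2,
    "wallet_access": 3,
}


def classify(event):
    """Map one event to a signature name, or None if it matches nothing."""
    kind = event["type"]
    if kind == "RegistryQuery":
        if GEO_KEY_RE.search(event["target"]):
            return "geofence_check"
        if UNINSTALL_KEY_RE.search(event["target"]):
            return "software_enum"
    elif kind == "ProcessCreate":
        # On a ProcessCreate event, pid is the parent (the process doing the enumeration).
        if event["image"].lower().endswith("\\tasklist.exe"):
            return "tasklist_enum"
    elif kind == "FileRead":
        if WALLET_PATH_RE.search(event["target"]):
            return "wallet_access"
    return None


def score_processes(events):
    """Return {pid: (score, sorted distinct signature names)}.

    Each signature counts once per process, so a loop that reads hundreds of
    Uninstall subkeys does not inflate the score by itself.
    """
    seen = defaultdict(set)
    for ev in events:
        sig = classify(ev)
        if sig is not None:
            seen[ev["pid"]].add(sig)
    return {pid: (sum(SIGNATURES[s] for s in sigs), sorted(sigs))
            for pid, sigs in seen.items()}


def verdicts(events, threshold=4):
    """PIDs whose combined signature weight reaches the threshold."""
    return sorted(pid for pid, (score, _) in score_processes(events).items()
                  if score >= threshold)


# Constructed events: pid 4120 mimics the report's sample; pid 880 is a benign
# installer that only touches the Uninstall key.
SAMPLE_EVENTS = [
    {"type": "RegistryQuery", "pid": 4120,
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "RegistryQuery", "pid": 4120,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"type": "ProcessCreate", "pid": 4120,
     "image": r"C:\Windows\System32\tasklist.exe"},
    {"type": "FileRead", "pid": 4120,
     "target": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "FileRead", "pid": 4120,   # repeated read: counted once
     "target": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "RegistryQuery", "pid": 880,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
]

if __name__ == "__main__":
    for pid, (score, sigs) in score_processes(SAMPLE_EVENTS).items():
        print(pid, score, sigs)
    print("suspicious:", verdicts(SAMPLE_EVENTS))
```

The geofence and software-enumeration checks are common to legitimate installers, which is why they carry low weights here; the combination with tasklist and wallet access is what separates the stealer from the installer in the sample events.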
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores (T1555): 1
Credentials from Web Browsers (T1555.003): 1
Unsecured Credentials (T1552): 3
Credentials In Files (T1552.001): 3