General

  • Target

    GenuisStrapper.zip

  • Size

    3.1MB

  • Sample

    250630-y6cx2svmv7

  • MD5

    07772535433bfd50b105b99d93fbc47d

  • SHA1

    4c6e7fb165e26eed17198ca1a6431e910d7ca0e1

  • SHA256

    5f1bce02065e131ca65496baa84c6b9ae0f40a38911e8c3635ceef071ba6db35

  • SHA512

    62c24ac2313e127e7c59a11264c1eb30c1dc96da5daf23da777b6c3832f320d1e0bcbac9d52b10896758931422a549cb6533498f1bd6392cab93d27f2acd67e3

  • SSDEEP

    49152:1ItzIrR3oNgJr9ITxM73OXvj84hAc4SNIpgmCuT7iTc6i+Ghb9Smoj:Mzw+NgJraT2cvr4CIpDCuT7iTi+GRImw

Malware Config

Extracted

Family

lumma

C2

https://invertdbdi.top/xjit

https://gewgb.xyz/axgh

https://skjgx.xyz/riuw

https://ropyi.xyz/zadf

https://spjeo.xyz/axka

https://baviip.xyz/twiw

https://shaeb.xyz/ikxz

https://firddy.xyz/yhbc

https://trqqe.xyz/xudu

Attributes
  • build_id

    950a1284e85f7c6ca2b5599becbc8e052f6e718070c9afd114
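
The config block above gives nine C2 URLs, each with a different four-letter path, and a build_id. As an added example (not part of the sandbox report or the Lumma analysis), the Python below reduces those URLs to hostnames, matches them against DNS-log lines, and checks a file's SHA256 against the hashes the report lists for the submitted archive and the dropped executable. The URLs, build_id and hashes are copied from the report; the log lines and the byte strings fed to the hash check are constructed.

```python
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs copied from the extracted Lumma config in this report.
LUMMA_C2_URLS = [
    "https://invertdbdi.top/xjit",
    "https://gewgb.xyz/axgh",
    "https://skjgx.xyz/riuw",
    "https://ropyi.xyz/zadf",
    "https://spjeo.xyz/axka",
    "https://baviip.xyz/twiw",
    "https://shaeb.xyz/ikxz",
    "https://firddy.xyz/yhbc",
    "https://trqqe.xyz/xudu",
]

# build_id from the config; useful for clustering other samples of the same build.
LUMMA_BUILD_ID = "950a1284e85f7c6ca2b5599becbc8e052f6e718070c9afd114"

# SHA256 values from the report for the submitted archive and the Lumma payload.
KNOWN_SHA256 = {
    "5f1bce02065e131ca65496baa84c6b9ae0f40a38911e8c3635ceef071ba6db35": "GenuisStrapper.zip",
    "21fe970ad6ad795b819f725f0218bf7133ff825d46f0af1f983ecedd8d247862": "GenuisExploit/Abtustrapper.exe",
}

# Constructed DNS log lines (not from the report) used to exercise the matcher.
SAMPLE_DNS_LOG = [
    "2025-06-30T12:00:01Z 10.0.0.5 query A www.example.com",
    "2025-06-30T12:00:02Z 10.0.0.5 query A gewgb.xyz",
    "2025-06-30T12:00:03Z 10.0.0.5 query A cdn.skjgx.xyz",
    "2025-06-30T12:00:04Z 10.0.0.5 query A notgewgb.xyz",
]

# Rough hostname token: label characters, at least one dot, alphabetic TLD.
HOST_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def c2_domains(urls):
    """Reduce the C2 URLs to lowercase hostnames. Every URL in the config uses a
    different four-letter path, so the hostname is the durable part to match on."""
    return {urlparse(u).hostname.lower() for u in urls}


def match_domains(log_lines, domains):
    """Return (line_number, c2_domain) for each log line that names a C2 host
    or a subdomain of it. A host such as 'notgewgb.xyz' must not match 'gewgb.xyz'."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for token in HOST_RE.findall(line):
            token = token.lower().rstrip(".")
            for d in domains:
                if token == d or token.endswith("." + d):
                    hits.append((n, d))
                    break
    return hits


def sha256_hex(data: bytes) -> str:
    """Hex SHA256 of in-memory bytes; read a real file in binary mode and pass it here."""
    return hashlib.sha256(data).hexdigest()


def identify_by_hash(data: bytes):
    """Name the file if its SHA256 is one the report lists, else None."""
    return KNOWN_SHA256.get(sha256_hex(data))


if __name__ == "__main__":
    for n, d in match_domains(SAMPLE_DNS_LOG, c2_domains(LUMMA_C2_URLS)):
        print(f"line {n}: contacts Lumma C2 host {d}")
    print(identify_by_hash(b"constructed bytes, not the sample"))
```

Exact-hash matching only catches this build; the SSDEEP values the report lists are the handle for near-duplicate files, which requires the ssdeep tool rather than the standard library. Block the hostnames rather than the full URLs, since the path component differs per entry.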

Targets

    • Target

      GenuisStrapper.zip

    • Size

      3.1MB

    • MD5

      07772535433bfd50b105b99d93fbc47d

    • SHA1

      4c6e7fb165e26eed17198ca1a6431e910d7ca0e1

    • SHA256

      5f1bce02065e131ca65496baa84c6b9ae0f40a38911e8c3635ceef071ba6db35

    • SHA512

      62c24ac2313e127e7c59a11264c1eb30c1dc96da5daf23da777b6c3832f320d1e0bcbac9d52b10896758931422a549cb6533498f1bd6392cab93d27f2acd67e3

    • SSDEEP

      49152:1ItzIrR3oNgJr9ITxM73OXvj84hAc4SNIpgmCuT7iTc6i+Ghb9Smoj:Mzw+NgJraT2cvr4CIpDCuT7iTi+GRImw

    Score
    4/10
    • Target

      CHEKME.txt

    • Size

      17B

    • MD5

      07b36e8d23a485d9014904e2a8c96ce4

    • SHA1

      05d761cb191ec27f05b80f4e84ad40274a219237

    • SHA256

      b670cca2defb7c3402788738a331ee3841e6aa42720d5cefa401fe13fad0d192

    • SHA512

      d7e225d581011dc97eb052ec86c3e0b12939aa632e68992224db2e664f37937b12d9278e5666dc5711c23360cfe6c7762b28044e1fe23e917a967a5e77cee039

    Score
    3/10
    • Target

      GenuisExploit.zip

    • Size

      3.1MB

    • MD5

      d4c9204e5d263e7aeeb5d40cd96e1b6d

    • SHA1

      277366379dcc0cd6979c6252994fe64246e870cf

    • SHA256

      8bf97221c08fad1ffe276796ff3defada1846fe21f696966cdb4ee1ce3c60e71

    • SHA512

      a2e5226adb60235965a12ab62b588abacd13cfcec169094ac9e1af7857f64c35f5b3e4a2c0aea23402aaf7644f063c2b4c4cf2f3ea570c0e89b4f909b809bf1e

    • SSDEEP

      98304:vZq2HR1yqkatUpNEKdrCXJaDV5Iy+SLJjc9:Bqw3Vtax4JS0oLJ49

    Score
    1/10
    • Target

      GenuisExploit/Abtustrapper.exe

    • Size

      1.1MB

    • MD5

      1589ba86a73986914ec4443817b2b25b

    • SHA1

      bf29b7e6e39b0fac33d7c65e661a028a78db5162

    • SHA256

      21fe970ad6ad795b819f725f0218bf7133ff825d46f0af1f983ecedd8d247862

    • SHA512

      cffdc4d6001069cf9f2e7f1d95ead74a18049efbb8af592d88b184bbffca2063e3cffa600435807d53badf0d47a54363f901e78ba90890c73cdaf826ccf1629a

    • SSDEEP

      24576:b0ab70+TxTLTxmENdFvZ8pDjxcHNiarRlqFh9Clcjde+h5OYOp:bzdpdxmpDjxcH4arDqAcjde++p

    • Lumma Stealer, LummaC

      Lumma, also tracked as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive items.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist
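
The signatures above are behavioural: the sandbox raised them from registry, file and process activity of Abtustrapper.exe. As an added example, not the sandbox's own signature logic, the Python below re-implements those seven checks as rules over an API trace, including the stateful one ("Executes dropped EXE" fires only when a process is started from a path the trace previously wrote). The registry keys and profile paths it looks for (HKCU\Control Panel\International\Geo\Nation, the Uninstall key, Chrome/Firefox/Thunderbird/Exodus profile locations) are the usual Windows locations and are assumptions of this example; the trace lines are constructed, not sandbox output.

```python
import re
from collections import defaultdict

# Rules named after the report's signatures. Key and path patterns are the
# usual Windows locations and are assumptions of this example.
RULES = [
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system",
     re.compile(r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    ("Enumerates processes with tasklist",
     re.compile(r"\\tasklist\.exe\b", re.I)),
    ("Reads user/profile data of web browsers",
     re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*\\(Login Data|Cookies|logins\.json|key4\.db)$", re.I)),
    ("Reads user/profile data of local email clients",
     re.compile(r"\\(Thunderbird\\Profiles|Microsoft\\Outlook)\\", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     re.compile(r"\\(Exodus\\exodus\.wallet|Electrum\\wallets|Ethereum\\keystore)\\", re.I)),
]

# Signatures that, on their own, indicate stealer-style data access.
STEALER_SIGNATURES = {
    "Reads user/profile data of web browsers",
    "Reads user/profile data of local email clients",
    "Accesses cryptocurrency files/wallets, possible credential harvesting",
}

# Constructed API trace, one "<API> <argument>" per line. Not sandbox output.
SAMPLE_TRACE = [
    "RegOpenKeyExW HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
    "RegEnumKeyExW HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{00000000-0000-0000-0000-000000000000}",
    "CreateProcessW C:\\Windows\\System32\\tasklist.exe /FO CSV",
    "CreateFileW C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "CreateFileW C:\\Users\\victim\\AppData\\Roaming\\Thunderbird\\Profiles\\abcd.default\\logins.json",
    "CreateFileW C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco",
    "WriteFile C:\\Users\\victim\\AppData\\Local\\Temp\\payload.exe",
    "CreateProcessW C:\\Users\\victim\\AppData\\Local\\Temp\\payload.exe",
    "CreateFileW C:\\Users\\victim\\Documents\\notes.txt",
]


def classify_trace(trace):
    """Map trace lines to signature names: {signature: [1-based line numbers]}.
    'Executes dropped EXE' is stateful: a CreateProcessW counts only if an
    earlier WriteFile in the same trace targeted that executable path."""
    hits = defaultdict(list)
    written_exes = set()
    for n, line in enumerate(trace, 1):
        api, _, arg = line.partition(" ")
        arg = arg.strip()
        low = arg.lower()
        if api == "WriteFile" and low.endswith(".exe"):
            written_exes.add(low)
        elif api == "CreateProcessW" and any(low.startswith(p) for p in written_exes):
            hits["Executes dropped EXE"].append(n)
        for name, rx in RULES:
            if rx.search(arg):
                hits[name].append(n)
    return dict(hits)


def stealer_like(hits):
    """Coarse verdict: any browser, email or wallet data access counts as stealer behaviour."""
    return bool(STEALER_SIGNATURES & set(hits))


if __name__ == "__main__":
    found = classify_trace(SAMPLE_TRACE)
    for name, lines in sorted(found.items(), key=lambda kv: kv[1][0]):
        print(f"{name}: lines {lines}")
    print("stealer-like:", stealer_like(found))
```

The geofence and Uninstall-key reads are also common in benign installers, so on their own they are weak signals; the report's rating rests on their combination with the data-access and dropped-EXE signatures, which is what `stealer_like` keys on.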

    • Target

      $TEMP/Tribe.wmv

    • Size

      478KB

    • MD5

      cb5545f27aec46a5edc7124012250698

    • SHA1

      6cc37dd6cac23341041853c948fc87acd22dc1b7

    • SHA256

      e8720225949809ead8e431083ce56bf84ec022138341a9298897e6bfa92773bd

    • SHA512

      92b34eecc4babd18f2dbadac08ede279fa2040b7d9568793b6ae0fdfd73b0529fce3024fbef76f39b174d22b11e70db59ee6d705d681c40db4fcd32a770ef3f7

    • SSDEEP

      12288:Oi2M1p2ocotcw27hTMAv42pls8jNfFg8i2GJOO49yOGaFEhb:Oi28cotcw2FTMS4Mlxj1F5w5OGaE

    Score
    1/10
    • Target

      GenuisExploit/Workspace/.tests/appendfile.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    3/10
    • Target

      GenuisExploit/Workspace/.tests/getcustomasset.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    3/10
    • Target

      GenuisExploit/Workspace/.tests/isfile.txt

    • Size

      7B

    • MD5

      260ca9dd8a4577fc00b7bd5810298076

    • SHA1

      53a5687cb26dc41f2ab4033e97e13adefd3740d6

    • SHA256

      aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

    • SHA512

      51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

    Score
    3/10
    • Target

      GenuisExploit/Workspace/373f5d42922fa6b5ac57adbb41b8015f-cache.lua

    • Size

      327KB

    • MD5

      3cf835cb8c9c25b2debfd164f3b5acab

    • SHA1

      973c8195b710079e72cf4f0c9e819f9434b85900

    • SHA256

      d10aa3cabff1a991014244e4349f77730bbf1c6e6ac16b0411dca5c4d4efa4ae

    • SHA512

      0089a54f08fe6c211984610de8489c2a899b1f74ed806c25c69a80736fd14dfa617b47cd3ee954f9c27b9b70ce262c2e7729fec800d4b7546b4950df3a1ba0bf

    • SSDEEP

      6144:IU0todyyPGaBeAUZIhrYckgZO1et/rrxpAzSefTE59JtzZNqy/:IUuo0y9TUGh8vQYO/rdiVe7p

    Score
    3/10
    • Target

      GenuisExploit/runtimes/app.asar.unpacked/node_modules/btime/binding.node

    • Size

      118KB

    • MD5

      13a2579ed95366185a6247c9e4b9f0cc

    • SHA1

      61fef12da622484e44b3c9ddcd61706c9af00aa0

    • SHA256

      98c51303c38dc03faeeba13f26fa3c6645d0c1a502b8a5d28177ce015dacf35f

    • SHA512

      7aae5a45f5333355c81e4a7468d40c9d814a1b242c99a39747fea9b66e277dd1060bda290fc980e958beccab2ac0232fc4aba078426ac5ae39c19968ae8f58d0

    • SSDEEP

      1536:OMwHUFyUCyB7KdX2teZOpSPtvdO+tYLZI2mAq+J6sWyd09dlgh7tBrdO6t2:hwjUCyB7eC8OpSS+tYLZI5+NMKFdO6t

    Score
    1/10
    • Target

      GenuisExploit/runtimes/app.asar.unpacked/node_modules/get-fonts/binding.node

    • Size

      125KB

    • MD5

      eeb1d1ea9fc3f870f292161cfa79850d

    • SHA1

      ea4f4324245f9f4d6280ef285151f688221d6023

    • SHA256

      149bc3824ecbf68f7a892a311e77548ea156963b88db0590063b50725c9d883c

    • SHA512

      795269fba2737ca51d61bb0f6e674c8ed45f2590a48d1dbc53adae9a85b5565e372de6e2a888f038660173f6f4fe0ecda293c441415296e79097c261c452f254

    • SSDEEP

      3072:cd5+N3E2MosoJCakr0dHPAMMMtrAfz9MrRAG:yIxMQQakr0xPSfzirqG

    Score
    1/10
    • Target

      GenuisExploit/runtimes/app.asar.unpacked/node_modules/vibrancy-win/binding.node

    • Size

      118KB

    • MD5

      6c12c930f974e5bc7872b58964f42359

    • SHA1

      805c5c899c32535d2ee8b2bc12deefe5fdaae566

    • SHA256

      094bfeb0692885f1e56bb363e1065099eab48a7988c8603fd6a3fb49ec88b09c

    • SHA512

      f46c416e3f33e0526c2d4cb3df738f7c9b11fece350b90ca9613e5d86bae7a363dd20b80d62f5745a9d51773b655199537b09fcf47acf226f35002f39f1596d3

    • SSDEEP

      3072:/WKjx2yp1tLqA1HB4kdeRqGmX5EMMi6leGS:3xBPVf1HB4kER4UFhS

    Score
    1/10

MITRE ATT&CK Enterprise v16

Tasks