General
Target: zhopa-siski-pidar
Size: 31KB
Sample: 250630-ytal6afn9z
MD5: 65d048096ad71990cf696b0217ad74e2
SHA1: dd56223a980b5f8a52b0a734b40abb74690f15d0
SHA256: 67b7a84a56a488b56d59a6e990729796fc88105d1edad46d587641e5e490e3af
SHA512: 2fbd9ff2e68a46ea39d95b23b9d76c1cd0c9932cdc7a17a656b086e9f05446de6c0814b9e470abaa2fa7f6eba0744e4c7c21a0261040522ce9c992f239b721cb
SSDEEP: 768:J72aFqlyDkPHFXRMBdUFElHdlE2RRPXhTxvjdlK7:J72Cqlyo/FXRTEl9l/T/vjdlK7
Static task: static1
Behavioral task: behavioral1, sample zhopa-siski-pidar.html, resource win10v2004-20250619-en
Behavioral task: behavioral2, sample zhopa-siski-pidar.html, resource win11-20250619-en
Malware Config
Extracted: lumma
build_id: 950a1284e85f7c6ca2b5599becbc8e052f6e718070c9afd114
Targets
Lumma family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Enumerates processes with tasklist
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores (1)
  Credentials from Web Browsers (1)
Unsecured Credentials (3)
  Credentials In Files (3)