Resubmissions

30/06/2025, 20:31

250630-zawkysxvgy 4

30/06/2025, 20:18

250630-y3c4msvlz7 10

30/06/2025, 20:04

250630-ytal6afn9z 10

General

  • Target

    zhopa-siski-pidar

  • Size

    31KB

  • Sample

    250630-ytal6afn9z

  • MD5

    65d048096ad71990cf696b0217ad74e2

  • SHA1

    dd56223a980b5f8a52b0a734b40abb74690f15d0

  • SHA256

    67b7a84a56a488b56d59a6e990729796fc88105d1edad46d587641e5e490e3af

  • SHA512

    2fbd9ff2e68a46ea39d95b23b9d76c1cd0c9932cdc7a17a656b086e9f05446de6c0814b9e470abaa2fa7f6eba0744e4c7c21a0261040522ce9c992f239b721cb

  • SSDEEP

    768:J72aFqlyDkPHFXRMBdUFElHdlE2RRPXhTxvjdlK7:J72Cqlyo/FXRTEl9l/T/vjdlK7

Malware Config

Extracted

  • Family

    lumma

  • C2

    https://invertdbdi.top/xjit

    https://gewgb.xyz/axgh

    https://skjgx.xyz/riuw

    https://ropyi.xyz/zadf

    https://spjeo.xyz/axka

    https://baviip.xyz/twiw

    https://shaeb.xyz/ikxz

    https://firddy.xyz/yhbc

    https://trqqe.xyz/xudu

  • Attributes

    build_id: 950a1284e85f7c6ca2b5599becbc8e052f6e718070c9afd114

Targets

    • Target

      zhopa-siski-pidar

    • Size

      31KB

    • MD5

      65d048096ad71990cf696b0217ad74e2

    • SHA1

      dd56223a980b5f8a52b0a734b40abb74690f15d0

    • SHA256

      67b7a84a56a488b56d59a6e990729796fc88105d1edad46d587641e5e490e3af

    • SHA512

      2fbd9ff2e68a46ea39d95b23b9d76c1cd0c9932cdc7a17a656b086e9f05446de6c0814b9e470abaa2fa7f6eba0744e4c7c21a0261040522ce9c992f239b721cb

    • SSDEEP

      768:J72aFqlyDkPHFXRMBdUFElHdlE2RRPXhTxvjdlK7:J72Cqlyo/FXRTEl9l/T/vjdlK7

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v16

Tasks