General
Target: 2025-07-01_700d1dbcb146db0087ef0069bc551ed6_amadey_darkgate_elex_gcleaner_hijackloader_luca-stealer_plugx_remcos_smoke-loader
Size: 36.3MB
Sample: 250701-fb4heaskv6
MD5: 700d1dbcb146db0087ef0069bc551ed6
SHA1: 6f8488184ed5c2e76f142fa2e6c21f8da9f544e1
SHA256: 08111de672f2f2122ff00d05139473ccff876322ee12af356c26724f4f02d036
SHA512: ee334dfc0a6f201c285dcda4e46db56223ac1359245610ba9b33a6908719c5ecfbf181a426742648440146acf542d47823493659767ba350e3ea0ffbd7806606
SSDEEP: 786432:dusA5zcIRDrmOaxtNaLcai1++Pq7SgVB0BQF8:d6cIRDpax9ai1vPqoC
Static task: static1
Behavioral task: behavioral1
Sample: 2025-07-01_700d1dbcb146db0087ef0069bc551ed6_amadey_darkgate_elex_gcleaner_hijackloader_luca-stealer_.exe
Resource: win10v2004-20250502-en

Malware Config
Extracted: lumma
build_id: 081d7a215e3d357ffcc0e873b26471bb67ed9797
Targets
Target: 2025-07-01_700d1dbcb146db0087ef0069bc551ed6_amadey_darkgate_elex_gcleaner_hijackloader_luca-stealer_plugx_remcos_smoke-loader (size and hashes as listed under General)

Lumma family
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates processes with tasklist
MITRE ATT&CK Enterprise v16
Defense Evasion
Modify Registry: 1
Subvert Trust Controls: 1
Install Root Certificate: 1
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 3
Credentials In Files: 3