General

  • Target

    2025-07-01_700d1dbcb146db0087ef0069bc551ed6_amadey_darkgate_elex_gcleaner_hijackloader_luca-stealer_plugx_remcos_smoke-l

  • Size

    36.3MB

  • Sample

    250701-fe484ssky5

  • MD5

    700d1dbcb146db0087ef0069bc551ed6

  • SHA1

    6f8488184ed5c2e76f142fa2e6c21f8da9f544e1

  • SHA256

    08111de672f2f2122ff00d05139473ccff876322ee12af356c26724f4f02d036

  • SHA512

    ee334dfc0a6f201c285dcda4e46db56223ac1359245610ba9b33a6908719c5ecfbf181a426742648440146acf542d47823493659767ba350e3ea0ffbd7806606

  • SSDEEP

    786432:dusA5zcIRDrmOaxtNaLcai1++Pq7SgVB0BQF8:d6cIRDpax9ai1vPqoC

Malware Config

Extracted

Family

lumma

C2


Attributes

  • build_id

    081d7a215e3d357ffcc0e873b26471bb67ed9797

Targets

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v16

Tasks