General
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
Family
lumma
C2
https://liaxn.xyz/nbzh
https://pacwpw.xyz/qwpr
https://comkxjs.xyz/taox
https://unurew.xyz/anhd
https://trsuv.xyz/gait
https://sqgzl.xyz/taoa
https://cexpxg.xyz/airq
https://urarfx.xyz/twox
Attributes
-
build_id
d8d6920af05b5e35251a30463cc32e099c8e51912189d294a4
Targets
-
-
Lumma family
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates processes with tasklist
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3