General
Target: 04072025_1644_OrbitSync.exe
Size: 30.1MB
Sample: 250704-t8xm1swtcy
MD5: 24cbb55f858c5953fa62e87d82645553
SHA1: 2d7d1e031708159c134d890602dc6ab77fac3dab
SHA256: ea0b6604fc8126399e95afa4e5f0ffff6f70633c1aa6ebb236d7e9b98fb80438
SHA512: 88381b5dbe5314e6658e978a987aba65d819abbb552acf018300cc176fcaf8713e9a37528ecd6380cf59e44f40009dc47818829a847f34e5c4bb167b904198b8
SSDEEP: 393216:4IWwYLRUDBV29QyrCAhkpFcDcCgIHYxY9fgFh9HnqHeSp/jb:4I5GRUFV291hkTccCghYsh9HKeg/3
Static task: static1
Behavioral task: behavioral1
Sample: 04072025_1644_OrbitSync.exe
Resource: win10v2004-20250502-en
Malware Config
Extracted family: lumma
C2 URLs:
https://t.me/xfbeh45trehgs5y4
https://triobm.xyz/tapw
https://ycvduc.xyz/trie
https://nbcsfar.xyz/tpxz
https://cbakk.xyz/ajng
https://trsuv.xyz/tpxz
https://sqgzl.xyz/taoa
https://cexpxg.xyz/airq
https://urarfx.xyz/twox
https://liaxn.xyz/nbzh
build_id: 5d579dd5eae95f15419e90c76d02fc36368767367466
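The extracted config above is the most directly actionable part of the report. The following Python is an added example (not part of the sandbox report and not the sample's own code) that turns that C2 list into two kinds of network IOCs and matches them against constructed proxy records. The distinction matters: the nine .xyz hosts are attacker-controlled and can be matched at the domain level, while the t.me entry lives on a shared, legitimate host and must be matched on the exact path, or every Telegram user in the environment becomes a false positive. The log format (`ts src host path`), the sample records and the host classification in SHARED_HOSTS are assumptions made for the example.

```python
from urllib.parse import urlsplit

# C2 list as extracted from the sample's Lumma config (copied from the report above).
LUMMA_C2 = [
    "https://t.me/xfbeh45trehgs5y4",
    "https://triobm.xyz/tapw",
    "https://ycvduc.xyz/trie",
    "https://nbcsfar.xyz/tpxz",
    "https://cbakk.xyz/ajng",
    "https://trsuv.xyz/gait",
    "https://sqgzl.xyz/taoa",
    "https://cexpxg.xyz/airq",
    "https://urarfx.xyz/twox",
    "https://liaxn.xyz/nbzh",
]

# Hosts shared with legitimate traffic (assumption for this example):
# alert on the exact URL, never on the whole host.
SHARED_HOSTS = {"t.me"}


def build_iocs(urls):
    """Split the config into domain-level IOCs (attacker-controlled hosts)
    and URL-level IOCs (specific paths on shared, legitimate hosts)."""
    domains, exact_urls = set(), set()
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname.lower()
        if host in SHARED_HOSTS:
            exact_urls.add(f"{host}{parts.path}")
        else:
            domains.add(host)
    return {"domains": domains, "exact_urls": exact_urls}


def match_log(lines, iocs):
    """Match 'ts src host path' proxy records (assumed format) against the
    IOC set; returns (src, host, reason) per hit, in log order."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records rather than crash mid-hunt
        _ts, src, host, path = fields
        host = host.lower()  # hostnames are case-insensitive
        if host in iocs["domains"]:
            hits.append((src, host, "lumma-c2-domain"))
        elif f"{host}{path}" in iocs["exact_urls"]:
            hits.append((src, host, "lumma-config-url"))
    return hits


# Constructed sample records for the example, not from any real environment.
SAMPLE_LOG = [
    "1751640300 10.0.0.21 triobm.xyz /tapw",
    "1751640301 10.0.0.21 t.me /xfbeh45trehgs5y4",
    "1751640302 10.0.0.33 t.me /durov",            # ordinary Telegram use: must not match
    "1751640303 10.0.0.33 www.example.com /",
    "1751640304 10.0.0.21 NBCSFAR.xyz /tpxz",      # mixed case host still matches
]

if __name__ == "__main__":
    iocs = build_iocs(LUMMA_C2)
    for hit in match_log(SAMPLE_LOG, iocs):
        print(hit)
```

Feeding real proxy or DNS data only requires adapting the field split in `match_log`; the two-tier IOC split is the part worth keeping.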
Targets
Target: 04072025_1644_OrbitSync.exe
Size: 30.1MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above (the single submitted file is the only target).
Signatures
Lumma family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
Enumerates processes with tasklist
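The behavioral signatures above are each simple to express as detection logic once host telemetry is available. The Python below is an added example (not part of the report, and not the sandbox's own signature engine) that replays a constructed, simplified event stream and fires the same five signature names. It assumes a minimal event schema (`process_create`, `file_create`, `file_access`, `registry_access` with the fields shown) rather than raw Sysmon or Windows Security events; the dropped-file name `stage2.exe`, the wallet path markers and the list of shells that legitimately spawn tasklist.exe are assumptions for the example. Two points a practitioner cares about are built in: "Executes dropped EXE" is a correlation (a file written earlier in the trace is later executed), not a single-event match, and tasklist.exe is only flagged when its parent is not an interactive shell.

```python
import ntpath  # Windows path semantics, works on any host OS

# Registry location Windows uses for the configured GeoID (country code).
GEO_KEY = r"\control panel\international\geo"
# Per-application uninstall entries, the standard place to enumerate installed software.
UNINSTALL_KEY = "\\currentversion\\uninstall\\"
# Assumed wallet locations for the example; real tooling would carry a fuller list.
WALLET_MARKERS = (r"\electrum\wallets", r"\exodus\exodus.wallet", r"\ethereum\keystore")
# Interactive shells legitimately spawn tasklist.exe; any other parent is suspicious.
SHELL_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "explorer.exe"}


def triage(events):
    """Replay events in order and return [(signature, detail), ...].
    `dropped` records files written by some process so that a later
    execution of the same path counts as running a dropped EXE."""
    findings = []
    dropped = {}  # lowercase path -> pid that wrote it
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            dropped[ev["path"].lower()] = ev["pid"]
        elif kind == "process_create":
            image = ev["image"].lower()
            parent = ntpath.basename(ev["parent_image"].lower())
            if image in dropped:
                findings.append(("Executes dropped EXE", ev["image"]))
            if ntpath.basename(image) == "tasklist.exe" and parent not in SHELL_PARENTS:
                findings.append(("Enumerates processes with tasklist", ev["parent_image"]))
        elif kind == "registry_access":
            key = ev["key"].lower()
            if GEO_KEY in key:
                findings.append(("Checks computer location settings", ev["key"]))
            elif UNINSTALL_KEY in key:
                findings.append(("Checks installed software on the system", ev["key"]))
        elif kind == "file_access":
            if any(marker in ev["path"].lower() for marker in WALLET_MARKERS):
                findings.append(("Accesses cryptocurrency files/wallets, possible credential harvesting", ev["path"]))
    return findings


# Constructed event trace for the example; only the sample's file name comes from the report.
EVENTS = [
    {"type": "process_create", "pid": 4100, "image": r"C:\Users\lab\Desktop\04072025_1644_OrbitSync.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "registry_access", "pid": 4100, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_access", "pid": 4100,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "file_create", "pid": 4100, "path": r"C:\Users\lab\AppData\Local\Temp\stage2.exe"},
    {"type": "process_create", "pid": 4188, "image": r"C:\Users\lab\AppData\Local\Temp\stage2.exe",
     "parent_image": r"C:\Users\lab\Desktop\04072025_1644_OrbitSync.exe"},
    {"type": "process_create", "pid": 4200, "image": r"C:\Windows\System32\tasklist.exe",
     "parent_image": r"C:\Users\lab\AppData\Local\Temp\stage2.exe"},
    {"type": "file_access", "pid": 4188, "path": r"C:\Users\lab\AppData\Roaming\Electrum\wallets\default_wallet"},
    # Benign: an operator running tasklist from a shell must not fire the signature.
    {"type": "process_create", "pid": 5000, "image": r"C:\Windows\System32\tasklist.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for signature, detail in triage(EVENTS):
        print(f"{signature}: {detail}")
```

Note that registry reads are not logged by Sysmon (its registry events cover create, delete and value-set only); to see the Geo and Uninstall lookups on a real host you need object-access auditing with a SACL on those keys, or the sandbox's own API tracing as in this report.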
MITRE ATT&CK Enterprise v16 (technique: number of matching signatures)
Defense Evasion
Modify Registry (T1112): 1
Subvert Trust Controls (T1553): 1
Install Root Certificate (T1553.004): 1
Credential Access
Credentials from Password Stores (T1555): 1
Credentials from Web Browsers (T1555.003): 1
Unsecured Credentials (T1552): 3
Credentials In Files (T1552.001): 3