General

  • Target

    Latesten-v.winx--Setup.exe

  • Size

    1.1MB

  • Sample

    250704-x4gmsayjs2

  • MD5

    2a897f05f2217690266588fb4214c819

  • SHA1

    2c2a240a6b211e14f909bcd472fe83fc23931862

  • SHA256

    6d2c14b76193cfe77c0c7047449dfa1668e7ba5784f17a8964fc80a73fcbb8a2

  • SHA512

    813910bbf3c1f5e71951fb1df44cca7bc117083770e2b90c2001d9069f4ce3d87fad90b99695612d5510bd03254f2c7da95939968bba411ef8a26f43d0d40042

  • SSDEEP

    24576:A0aNw7SGM9f7gx1zK/KAmoS2H6sGyE8T9SuUtJP99h+hBd3Ezu2FFl:AXGM9cx8r9lEGouuPvh+tol

Malware Config

Extracted

Family

lumma

C2

https://t.me/sadwq223123asdsad

https://giyewf.shop/gbtw

https://ycvduc.xyz/trie

https://nbcsfar.xyz/tpxz

https://cbakk.xyz/ajng

https://trsuv.xyz/gait

https://sqgzl.xyz/taoa

https://cexpxg.xyz/airq

https://urarfx.xyz/twox

https://liaxn.xyz/nbzh

Attributes
  • build_id

    ff5ce2f397f8a727e97c26f03b0cf868aa5ce2a464
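
The C2 list above is the actionable part of this report. As an added example (not part of the sandbox output), the script below turns it into indicators and matches them against web-proxy log lines; the log lines, client IPs and timestamps are constructed for the demo, and the log format (timestamp, client, method, URL) is an assumed Squid-style layout. The t.me entry is treated differently from the rest: t.me is a shared service, so only the exact profile path is an indicator, and with TLS a proxy only sees that path if it intercepts TLS (a plain CONNECT to t.me:443 must not fire). The other hosts are single-purpose and blockable by name, which the to_suricata helper emits as tls.sni rules.

```python
"""Match web-proxy log lines against the C2 list extracted from this sample.

Added example, not part of the sandbox report. The C2 URLs are copied from
the extracted config above; the log lines and client IPs are constructed.
"""
import re
from urllib.parse import urlparse

# Copied verbatim from the extracted config.
LUMMA_C2 = [
    "https://t.me/sadwq223123asdsad",
    "https://giyewf.shop/gbtw",
    "https://ycvduc.xyz/trie",
    "https://nbcsfar.xyz/tpxz",
    "https://cbakk.xyz/ajng",
    "https://trsuv.xyz/gait",
    "https://sqgzl.xyz/taoa",
    "https://cexpxg.xyz/airq",
    "https://urarfx.xyz/twox",
    "https://liaxn.xyz/nbzh",
]


def split_host(url):
    """Return (host, path). A CONNECT line carries 'host:port' with no
    scheme, which urlparse would misread as scheme:path, so handle it first."""
    if "://" not in url:
        return url.rsplit(":", 1)[0].lower(), ""
    p = urlparse(url)
    return (p.hostname or "").lower(), p.path.rstrip("/")


def build_iocs(urls):
    """t.me is a shared service, so only the exact profile path is an
    indicator (the profile is used as a dead-drop resolver). Every other
    host in the config is throwaway infrastructure, blockable by hostname."""
    hosts, dead_drops = set(), set()
    for u in urls:
        host, path = split_host(u)
        if host == "t.me":
            dead_drops.add(host + path)
        else:
            hosts.add(host)
    return hosts, dead_drops


# Assumed Squid-style access log: timestamp, client, method, URL.
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")

# Constructed sample lines; 10.0.0.15 is the infected client.
SAMPLE_LOG = """\
1751630000.123 10.0.0.15 CONNECT giyewf.shop:443
1751630001.456 10.0.0.15 CONNECT t.me:443
1751630002.789 10.0.0.15 GET https://t.me/sadwq223123asdsad
1751630003.000 10.0.0.22 GET https://t.me/durov
1751630004.000 10.0.0.15 CONNECT ycvduc.xyz:443
1751630005.000 10.0.0.31 GET https://example.com/index.html
"""


def scan(lines, urls=LUMMA_C2):
    """Return (client, indicator, kind) for each line that hits an IOC."""
    hosts, dead_drops = build_iocs(urls)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host, path = split_host(m["url"])
        if host in hosts:
            hits.append((m["client"], host, "c2-host"))
        elif host + path in dead_drops:
            hits.append((m["client"], host + path, "dead-drop-profile"))
    return hits


def to_suricata(hosts, sid_base=9000001):
    """One TLS-SNI rule per C2 host (Suricata 5+ 'tls.sni' sticky buffer)."""
    return [
        f'alert tls any any -> any any (msg:"Lumma C2 SNI {h}"; '
        f'tls.sni; content:"{h}"; nocase; sid:{sid_base + i}; rev:1;)'
        for i, h in enumerate(sorted(hosts))
    ]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print("HIT", *hit)
    for rule in to_suricata(build_iocs(LUMMA_C2)[0]):
        print(rule)
```

Only the infected client produces hits: two by hostname and one by the exact t.me path. The bare CONNECT to t.me and the unrelated t.me profile are ignored, which is the point of keeping host and path indicators separate.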

Targets

    • Target

      Latesten-v.winx--Setup.exe

    • Size

      1.1MB

    • MD5

      2a897f05f2217690266588fb4214c819

    • SHA1

      2c2a240a6b211e14f909bcd472fe83fc23931862

    • SHA256

      6d2c14b76193cfe77c0c7047449dfa1668e7ba5784f17a8964fc80a73fcbb8a2

    • SHA512

      813910bbf3c1f5e71951fb1df44cca7bc117083770e2b90c2001d9069f4ce3d87fad90b99695612d5510bd03254f2c7da95939968bba411ef8a26f43d0d40042

    • SSDEEP

      24576:A0aNw7SGM9f7gx1zK/KAmoS2H6sGyE8T9SuUtJP99h+hBd3Ezu2FFl:AXGM9cx8r9lEGouuPvh+tol

    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data (profiles, saved credentials) on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist
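
The behaviour tags above are what the sandbox derives from the sample's API and registry activity. As an added example (not the sandbox's own signatures), the script below shows how such a trace is mapped to those tags: each signature is a pattern over the argument of a call, and two of them ("Executes dropped EXE", "Deletes itself") need state across calls (which files the process wrote, and its own image path). The trace format (pid|api|argument, one call per line) and every trace line are constructed, and the registry and file paths are the ones I assume each tag refers to (HKCU\Control Panel\International\Geo\Nation for the configured country code, the CurrentVersion\Uninstall keys for installed software, Chromium "Login Data" and Firefox/Thunderbird profile directories, and common wallet directories); the real signatures may use different ones.

```python
"""Map a per-process API trace to the behaviour tags used in the report above.

Added example, not the sandbox's own rules. Trace format and lines are
constructed; registry/file paths are assumptions about what each tag checks.
"""
import re
from collections import defaultdict

# Tag -> pattern on the call argument. Paths are assumed, see lead-in.
SIGNATURES = {
    "Checks computer location settings":
        re.compile(r"Control Panel\\International\\Geo\\Nation$", re.I),
    "Checks installed software on the system":
        re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I),
    "Reads user/profile data of web browsers":
        re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"
                   r"|\\Mozilla\\Firefox\\Profiles\\", re.I),
    "Reads user/profile data of local email clients":
        re.compile(r"\\Thunderbird\\Profiles\\|\\Microsoft\\Outlook\\", re.I),
    "Accesses cryptocurrency files/wallets":
        re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore|Bitcoin\\wallets)\b", re.I),
    "Enumerates processes with tasklist":
        re.compile(r"(^|\\)tasklist(\.exe)?\b", re.I),
}

# Constructed trace: pid|api|argument. 1234 is the sample, 5678 a benign process.
TRACE = r"""
1234|ProcessStart|C:\Users\lab\Desktop\Latesten-v.winx--Setup.exe
1234|RegQueryValueEx|HKCU\Control Panel\International\Geo\Nation
1234|RegEnumKeyEx|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1234|NtReadFile|C:\Users\lab\AppData\Local\Google\Chrome\User Data\Default\Login Data
1234|NtReadFile|C:\Users\lab\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json
1234|NtReadFile|C:\Users\lab\AppData\Roaming\Exodus\exodus.wallet\seed.seco
1234|NtWriteFile|C:\Users\lab\AppData\Local\Temp\stage2.exe
1234|CreateProcess|"C:\Users\lab\AppData\Local\Temp\stage2.exe"
1234|CreateProcess|tasklist.exe /fo csv
1234|CreateProcess|cmd.exe /c timeout /t 3 & del "C:\Users\lab\Desktop\Latesten-v.winx--Setup.exe"
5678|ProcessStart|C:\Windows\System32\notepad.exe
5678|RegQueryValueEx|HKCU\Control Panel\International\Geo\Nation
"""


def score_trace(lines):
    """Return {pid: sorted list of behaviour tags} for a trace."""
    images = {}                       # pid -> own image path (lower-cased)
    written = defaultdict(set)        # pid -> .exe paths it wrote
    found = defaultdict(set)          # pid -> tags
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, api, arg = line.split("|", 2)
        if api == "ProcessStart":
            images[pid] = arg.lower()
            continue
        for tag, pat in SIGNATURES.items():
            if pat.search(arg):
                found[pid].add(tag)
        low = arg.lower()
        if api == "NtWriteFile" and low.endswith(".exe"):
            written[pid].add(low)
        if api == "CreateProcess":
            # Dropped EXE: launching a file this same process wrote earlier.
            if any(w in low for w in written[pid]):
                found[pid].add("Executes dropped EXE")
            # Self-delete: a 'del' command line naming the process's own image.
            img = images.get(pid, "")
            if img and re.search(r"\bdel\b", low) and img in low:
                found[pid].add("Deletes itself")
    return {pid: sorted(tags) for pid, tags in found.items()}


if __name__ == "__main__":
    for pid, tags in score_trace(TRACE.splitlines()).items():
        print(pid, f"{len(tags)} behaviours:", ", ".join(tags))
```

The benign process triggers a single tag (a locale lookup is not suspicious on its own); the sample triggers all eight, which is what turns individual observations into a verdict. On a live host note that Sysmon records registry key creation and value writes but not reads, so the two registry lookups here are only visible in a sandbox API trace or with object-access auditing enabled on those keys.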

    • Target

      $TEMP/Bad.ppt

    • Size

      84KB

    • MD5

      384b2a44d7ed2506175f7a8aee30681a

    • SHA1

      8bef10b530122d2b0ab7127a1f29a5c95b867d3f

    • SHA256

      146230651a8af2d571bcc7bf24b5abdd4c5bd36c87999a459ad85f1c5622432b

    • SHA512

      65746bfe50792667ac27665faf4c338bf9522bd2c9cab794f0c8ff425e530076211815120ac767548f3992bc98f8d230db914c8f75ed0569b82d8a5947b97b04

    • SSDEEP

      1536:Bgr4N/1iFYKiewSzXGyRSoaffIHay9MA/IQGTaYfbAVX2hRCn+BAmyPQ:Sr4x1iFYKbb7GyRKgH7ai8oX2hR73yPQ

    Score
    1/10
    • Target

      $TEMP/Bucks.ppt

    • Size

      27KB

    • MD5

      43439e3e7dd1e89cd86207dd59b32228

    • SHA1

      2f384788585932d782d1663cc6a587bd5cd93317

    • SHA256

      941c214a10f3bccd6dbe7a4e90de7dfc7e46c42be8ef55a0600292a15428876a

    • SHA512

      5e1cb426c79e7c75302ec35e0b4b0e412a07303233b936261d93edfe0d5d49e4035f903e8a19fc53ac54d81154b9436f46da0851c81e79c07a75a1b2562cd1b8

    • SSDEEP

      768:sLKU4FgXN4ExNnzBwVPfCrXHOtCsz0AEz:GQwbVwNqrXiQX

    Score
    1/10
    • Target

      $TEMP/Swimming.ppt

    • Size

      78KB

    • MD5

      e53f3ad596e37bc1ae6ca9ae26295e94

    • SHA1

      2fc1fcb1c81ffb26aba38558ce6ad165af8f9ca6

    • SHA256

      8fa96cfa014172b1f1607d24138e14a71d729f5b822c4ae843aa71e21307cdf6

    • SHA512

      48948e3d282aefcb8d2ca32eca4548706fc2e43b1b32e3b6014e9ae6027ce5ab2e9b3b1671d6e39d04c926a635c312b9ea684ac5b045d202c2ec84f2fbd2433c

    • SSDEEP

      1536:5n+d/+LX9ZmR408RYlivpp5xQBkbX9e3J76N2oTjT+qlJnW2:5n+l+HmRp8RhLjQsc35Y2oTjT7HW2

    Score
    1/10
    • Target

      BlowCzech/Ghana.ppt

    • Size

      64KB

    • MD5

      958c4549bde1b7306155984892a1f963

    • SHA1

      8e98f68be41cc64f522c26f218142bcb0a29dc1d

    • SHA256

      60eadc3277f9db0ae1bd29c570313ad1f7ad49123b5ef88a4d9c84f65b4ead7e

    • SHA512

      9e653c6ceebf117eabb8496edfac57707399ac84812614e841f4f7c16e683f42eb469f4bc9aeb7de2892b318ef7ed2fa77cd1c9de1e489a4fb85cf459c1f06aa

    • SSDEEP

      1536:7Z+izhL5+QglMAPXrmtw9ojgiocM77QpjBeQLCyqDGQv1B2+OSlT:5zn+8Av3ug4g7GhLfoGOLOSlT

    Score
    1/10
    • Target

      BlowCzech/Message.ppt

    • Size

      79KB

    • MD5

      48c14f3a3c4619586b8c79ce5e41b34b

    • SHA1

      59ef016c015152371fe475ddf784a80bc444719b

    • SHA256

      e389f2519234f4a52125369689256fd1ef3860f4239fa3126a5859824b369094

    • SHA512

      64a3908f5319f9dc038acab83fc8b4049513a2d10d2630778fd0584d1571acf42d33dde81cb4afd3ced6976cc0089325702584fca58add339269c1435b4b074c

    • SSDEEP

      1536:RiyingzFG3ex+7FF++DIbzvQm5KsMXUDkXzdLt4LatI+ZnZKieza1aR5oleTPUL:R2gzFG3eM7FUbbpMXUq5R4mtI+jIJ5op

    Score
    1/10
    • Target

      JusticeInstalling/Ages.ppt

    • Size

      39KB

    • MD5

      8b5805a0d2cdbaa93483dc6888997432

    • SHA1

      f4aacab3216d934eef368557be2ded6401b04c0f

    • SHA256

      085674a0085d57fb888804bcbe06b1701da5e92cd11082a86267a8b4b2d73423

    • SHA512

      8389cdfe09c10e79e927072dc9a6426e5d964afc04a3c6ff2dbe4257059b69d4a6be6a98579478969e3acf82773d6747b8b933aa4e12a476e6a155c614956e0b

    • SSDEEP

      768:7UKIpXEZlT5z7NjwLAV01RRZY19hL+5/2Lfd/NQHHPtITY4KJS4W:4pwTFVGyMOgmTYlJS5

    Score
    1/10
    • Target

      JusticeInstalling/Desirable.ppt

    • Size

      73KB

    • MD5

      923bf20a51d7ca0b1a005873a2831ba6

    • SHA1

      788be0abbf388c65a6e2cca02fe117c244f72c0f

    • SHA256

      dd2bfad6d773547e78be51ed5f104df27dd469fbd65f80155a1db8eda4c740df

    • SHA512

      083d70ff3447c1b8bbb14e96bf4bf4cc0d63a094ba59dca99039a0818d210137084e13e9e6c7fd25f94468956cf6b8db0736f749a6e4d810d153522e9b078718

    • SSDEEP

      1536:O/suLGQl71Ck9h2ddMz7ckH/BlEzCoioWdYLln/rh0gW:+suLGo/h2vMzrH/7eCoc40gW

    Score
    1/10
    • Target

      JusticeInstalling/Talked.ppt

    • Size

      63KB

    • MD5

      536a5999e7631789b886060127e3434f

    • SHA1

      1c51f00ce8b7ecfc0248abf9a5a5ebff20821011

    • SHA256

      6a2f63656e19a414d3869b88132d9f33f25fc680a5659f855b2f8dee19a25bfd

    • SHA512

      043ff1d92c9bc8c5c4a2936dfd13d1255c321b4293be046ba2e3c2b34fc4510ecd005490ee2d3eeacc784f7332782b44b603d915c6687e08462ffa26766c3b91

    • SSDEEP

      768:FEsmcN7UBeJEg/AgZjeQS/WE3JrdkQHADOibYMZDfV6uBww+l8Xem9SXhOk9Sys9:yPGUIJEgRhRSOE3bwqumPl8OkSHSy1U

    Score
    1/10

MITRE ATT&CK Enterprise v16
