General

  • Target

    Setup.exe

  • Size

    1.1MB

  • Sample

    250704-x58gwsdm4v

  • MD5

    b23ef50332171e54202940c482a30a7e

  • SHA1

    319597d49b979f9c9eea94a38187db233abf5b0c

  • SHA256

    8713ce7042e5784c37c6037fe2fbe9628bf21f77497e2ad07875cc1c5f4b6a16

  • SHA512

    c849b3ad17bc9fdca7367012a165875bad7c9e24c11aa45a8af16156accd3b4040fbb6141d5afb6d69045b33fb8d7302e7918d3a38022e0bd293f093fc49c304

  • SSDEEP

    24576:p0aEM1/8dSr72GIFXMeQrcWlNcZbKkswQT5BA70:pKM7ZIOgWlNcQr

Malware Config

Extracted

Family

lumma

C2

https://unurew.xyz/anhd

https://ycvduc.xyz/trie

https://nbcsfar.xyz/tpxz

https://trsuv.xyz/gait

https://sqgzl.xyz/taoa

https://cexpxg.xyz/airq

https://urarfx.xyz/twox

https://liaxn.xyz/nbzh

Attributes

  • build_id

    35940ec8f145b1f3df682a0124381ea6214a10ee6094a168

Targets

    • Target

      Setup.exe

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist
