General

  • Target

    Setup.exe

  • Size

    1.1MB

  • Sample

    250704-x716laxwex

  • MD5

    9feb3e2d8e0a1c5371348206ea32863c

  • SHA1

    e7f23674c3167b07bba2b3188fa74a366def7834

  • SHA256

    cf2cb87ad7efe52b506124b259832d0e074deb3a77cff29a9dce8d4d7521e8b7

  • SHA512

    3823a6e4e8cdb983fe1774f933567ea01c4d424c0773ee6a66bc6644569ffca74899c96785a7801a468018fe42ad772f521d4dd3f76b946dcadcd9d4933acd84

  • SSDEEP

    24576:a0aOhu3LZOzTCEbNs0UB+LQcHKMzqvaoXhg443tqasJ:aJ3IzTCEbN/q+L9TWaYhn430J

Malware Config

Extracted

Family

lumma

C2

https://flagowe.shop/xpal

https://ycvduc.xyz/trie

https://nbcsfar.xyz/tpxz

https://cbakk.xyz/ajng

https://trsuv.xyz/gait

https://sqgzl.xyz/taoa

https://cexpxg.xyz/airq

https://urarfx.xyz/twox

https://liaxn.xyz/nbzh

Attributes
  • build_id

    0a163df940ad778a4ae2409ca751eb9976728ab6db11

Targets

    • Target

      Setup.exe

    • Size

      1.1MB

    • MD5

      9feb3e2d8e0a1c5371348206ea32863c

    • SHA1

      e7f23674c3167b07bba2b3188fa74a366def7834

    • SHA256

      cf2cb87ad7efe52b506124b259832d0e074deb3a77cff29a9dce8d4d7521e8b7

    • SHA512

      3823a6e4e8cdb983fe1774f933567ea01c4d424c0773ee6a66bc6644569ffca74899c96785a7801a468018fe42ad772f521d4dd3f76b946dcadcd9d4933acd84

    • SSDEEP

      24576:a0aOhu3LZOzTCEbNs0UB+LQcHKMzqvaoXhg443tqasJ:aJ3IzTCEbN/q+L9TWaYhn430J

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v16