General

  • Target

    𝙎𝙀𝙏𝙐𝙋.exe

  • Size

    1.1MB

  • Sample

    250704-xnd7qadk7v

  • MD5

    bfa8f9c5eb1d2ca6e0bde4f98a6e015e

  • SHA1

    75e888dc06aed24e0240f553128d130653f3ea2f

  • SHA256

    9feb08434769700bacac11ace796c80c839bab021a9993136fc49c57da11d58d

  • SHA512

    fe94845495760ff16436977fec51c19a49d379c6ebfb7605e365bfc39342c8910af25a8be07978854b90ad3eed60b12bb2b8f03b5222e08ae11ad8dd59774e08

  • SSDEEP

    24576:d0aTMqFE1knemYIhiLS1n1rlQ8XsUNc+2VQtQs7M2c+W7a:dCqC1keIU+1n1/1WLVQiwF

Malware Config

Extracted

Family

lumma

C2


Attributes

  • build_id

    bd0404570edf8e153af205824362d5be86df7c91ff90

Targets

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v16
