General

  • Target

    𝑺𝑬𝑻𝑼𝑷.exe

  • Size

    1.1MB

  • Sample

    250704-xp3ayadk81

  • MD5

    c4f480797d490445b330c449e74c71e3

  • SHA1

    63fd7fa1d14f4e971ac6f9b48c0426c45e89b267

  • SHA256

    0746bb80d0d6493390cf482becae8c7908922825ab2fdb306f82e2aa4ef11895

  • SHA512

    51564fde65865d5672c1439b9aa15dac24e3504df875e30783d08c7daf1b8e552d014a53e751247934b6f85257c0c9a1030469f9482cec7e628fb6097976233e

  • SSDEEP

    24576:r0aclh1X8x4TS8jTEJXRiAS1uoaJoZ8s8v65eu6Rn7pNb:r4DoJhiFoJo/8yQuEn

Malware Config

Extracted

Family

lumma

C2


Attributes
  • build_id

    87d6d96b7dff409b5339f2d55997fc666193

Targets

    • Target

      𝑺𝑬𝑻𝑼𝑷.exe

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist
