General

  • Target

    🗃️ 𝕤𝕖𝕥𝕦𝕡 ≺.exe

  • Size

    1.1MB

  • Sample

    250704-xqcfxadk9y

  • MD5

    ae736582b5692d6e72f601ec5762e49f

  • SHA1

    6703f13c7039247263ddcbbff5fce3e91366eb16

  • SHA256

    bdfa2e291431585fc94280f0cacd6f7bc1baae9a78842093610569956abdf04b

  • SHA512

    83acdab84ad71b0dc02883c0b6c8bff42879a68574b2d52af28428d6b5a10cff075babdd33329e80041b6b36271053f953478168cfdf9fcd9713b759de50a4fa

  • SSDEEP

    24576:70a2klZwdujxf/Rzvqr4nirZsFbKRZYoeiu49vfX583d:7YgZAYfZzaSboZYBiuwX58

Malware Config

Extracted

Family

lumma

C2


Attributes
  • build_id

    a08e63d8a74019f197ce72190b543d73de55ef1673

Targets

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v16

Tasks