Resubmissions

  • 04/07/2025, 19:19  250704-x1mpmaxvfy  (score 10)

  • 04/07/2025, 19:18  250704-xz7neadl5z  (score 7)

  • 04/07/2025, 19:09  250704-xt65padl3z  (score 10)

General

  • Target

    0f0cdc23_.exe

  • Size

    1.1MB

  • Sample

    250704-xt65padl3z

  • MD5

    2f8393e1aa4c24d3e5e5be7b34496978

  • SHA1

    1e5a0ab07c575daf9a072f69c221c6823f1d9072

  • SHA256

    0c09d626762969426c58e715e6f44aa782f4edeeae4b436e7246fa3dc3713ba4

  • SHA512

    5b40c6f9de5a95bf2a81de087f8cb1785e9e4f3a8835a4904a339a1ad2b873a4e1f18bff51c16d5f0018ca526dd427c695ea9e1fccb0117e8e92d173f2b56dae

  • SSDEEP

    24576:N0ajgKNQm3E/UUHc0fZUaB3WvtRbOuEcNB0ysEajeYEWc:NFtE8AXfPY5E+JUfEWc

Malware Config

Extracted

  • Family

    lumma

  • C2

    https://t.me/sadwq223123asdsad
    https://giyewf.shop/gbtw
    https://ycvduc.xyz/trie
    https://nbcsfar.xyz/tpxz
    https://cbakk.xyz/ajng
    https://trsuv.xyz/gait
    https://sqgzl.xyz/taoa
    https://cexpxg.xyz/airq
    https://urarfx.xyz/twox
    https://liaxn.xyz/nbzh

  • Attributes

    build_id: 23d7e62ebeb343fc6c92b86e8c20e3fe2c28b95d6e
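The C2 list above mixes attacker-registered domains (the .xyz and .shop hosts) with one URL on a shared public service (t.me). Blocking or alerting on the t.me host alone would flag every Telegram user, so the indicator for that entry has to carry the path. The script below is an added example, not Triage's code and not part of the report: it turns the extracted URL list into host-level and URL-level indicators and runs them over a few constructed proxy-style log lines (timestamp, client IP, host, path). The log format and the choice to treat t.me as a shared host are assumptions made for the example.

```python
"""Build matchable indicators from the extracted Lumma C2 list and scan logs.

Added example; the log lines are constructed, the C2 URLs are those
reported in the Malware Config section.
"""
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample.
C2_URLS = [
    "https://t.me/sadwq223123asdsad",
    "https://giyewf.shop/gbtw",
    "https://ycvduc.xyz/trie",
    "https://nbcsfar.xyz/tpxz",
    "https://cbakk.xyz/ajng",
    "https://trsuv.xyz/gait",
    "https://sqgzl.xyz/taoa",
    "https://cexpxg.xyz/airq",
    "https://urarfx.xyz/twox",
    "https://liaxn.xyz/nbzh",
]

# Assumption: hosts that are legitimate shared services. Matching these on
# host alone would flag benign traffic, so they are matched on host + path.
SHARED_HOSTS = {"t.me"}


def build_indicators(urls):
    """Split URLs into a set of hosts and a set of (host, path) pairs."""
    host_iocs, url_iocs = set(), set()
    for url in urls:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in SHARED_HOSTS:
            url_iocs.add((host, parsed.path))
        else:
            host_iocs.add(host)
    return host_iocs, url_iocs


def match_line(line, host_iocs, url_iocs):
    """Return the matching indicator for one log line, or None.

    Assumed log format: '<timestamp> <client_ip> <host> <path>'.
    """
    parts = line.split()
    if len(parts) < 4:
        return None
    host = parts[2].lower()
    path = parts[3].split("?", 1)[0]  # ignore any query string
    if host in host_iocs:
        return host
    if (host, path) in url_iocs:
        return host + path
    return None


def scan(lines, urls=C2_URLS):
    """Return [(client_ip, indicator), ...] for every line that hits an IOC."""
    host_iocs, url_iocs = build_indicators(urls)
    hits = []
    for line in lines:
        indicator = match_line(line, host_iocs, url_iocs)
        if indicator:
            hits.append((line.split()[1], indicator))
    return hits


# Constructed proxy log: two infected clients plus benign Telegram and
# Microsoft traffic that must not be flagged.
SAMPLE_LOG = [
    "2025-07-04T19:18:02Z 10.0.0.15 giyewf.shop /gbtw",
    "2025-07-04T19:18:03Z 10.0.0.15 t.me /sadwq223123asdsad",
    "2025-07-04T19:18:10Z 10.0.0.9 t.me /durov",
    "2025-07-04T19:18:11Z 10.0.0.9 www.microsoft.com /",
    "2025-07-04T19:19:40Z 10.0.0.22 CBAKK.XYZ /ajng?x=1",
]

if __name__ == "__main__":
    for client, indicator in scan(SAMPLE_LOG):
        print(f"{client} -> {indicator}")
```

Host matching is case-insensitive, and the t.me line for an unrelated channel is left alone while the exact channel path from the config is flagged.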

Targets

    • Target

      0f0cdc23_.exe


    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Enumerates processes with tasklist

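The signatures above describe three host-side behaviours that are individually common but suspicious together in one process: reading the configured country code from the registry, walking the Uninstall keys, and spawning tasklist. The script below is an added example, not part of this report and not Triage's detection logic: it scores constructed Sysmon-style registry and process-creation events per originating process and flags a process that shows at least two of the three behaviours. The report does not name the exact registry values the sample reads, so the country-code paths (the values under Control Panel\International) and the Uninstall key path are assumptions about where Windows stores that data.

```python
"""Score co-occurring Lumma-style host behaviours per process.

Added example; the events are constructed in the shape of Sysmon registry
(EventID 12/13) and process-creation (EventID 1) records. Registry value
names are assumptions, since the report does not name them.
"""
import re
from collections import defaultdict

# Assumption: the user's configured country/locale lives under
# HKCU\Control Panel\International (sCountry, LocaleName, iCountry).
COUNTRY_KEY_RE = re.compile(
    r"\\Control Panel\\International\\(?:sCountry|LocaleName|iCountry)$", re.I
)
# Installed software is enumerated under the Uninstall key.
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I
)
# Image path of a spawned tasklist process.
TASKLIST_RE = re.compile(r"(?:^|\\)tasklist(?:\.exe)?$", re.I)


def classify(event):
    """Map one event to a behaviour tag, or None if it is not of interest.

    event = {"pid": <actor pid>, "type": "registry"|"process", "detail": str}
    For process-creation events the actor pid is the parent that spawned it.
    """
    etype, detail = event["type"], event["detail"]
    if etype == "registry":
        if COUNTRY_KEY_RE.search(detail):
            return "geofence_lookup"
        if UNINSTALL_KEY_RE.search(detail):
            return "uninstall_enum"
    elif etype == "process":
        image = detail.split()[0] if detail.split() else ""
        if TASKLIST_RE.search(image):
            return "tasklist_spawn"
    return None


def score(events, threshold=2):
    """Return {pid: sorted behaviour tags} for pids with >= threshold tags."""
    seen = defaultdict(set)
    for event in events:
        tag = classify(event)
        if tag:
            seen[event["pid"]].add(tag)
    return {pid: sorted(tags) for pid, tags in seen.items() if len(tags) >= threshold}


# Constructed events: pid 4120 is the sample, pid 880 is explorer.exe reading
# its own locale setting, which on its own must not be flagged.
SAMPLE_EVENTS = [
    {"pid": 880, "type": "registry",
     "detail": r"HKU\S-1-5-21-1\Control Panel\International\LocaleName"},
    {"pid": 4120, "type": "registry",
     "detail": r"HKU\S-1-5-21-1\Control Panel\International\sCountry"},
    {"pid": 4120, "type": "registry",
     "detail": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A1B}"},
    {"pid": 4120, "type": "registry",
     "detail": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Git_is1"},
    {"pid": 4120, "type": "process",
     "detail": r"C:\Windows\System32\tasklist.exe /v"},
    {"pid": 4120, "type": "registry",
     "detail": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for pid, tags in score(SAMPLE_EVENTS).items():
        print(pid, tags)
```

Requiring two of the three behaviours keeps a locale-aware application or an inventory agent from tripping the rule on its own, while the sample's combination of geofence check, software enumeration and process listing still scores.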
MITRE ATT&CK Enterprise v16