General

  • Target

    𝑺𝑬𝑻𝑼𝑷.exe

  • Size

    1.1MB

  • Sample

    250704-yc1r1sxxcz

  • MD5

    c4f480797d490445b330c449e74c71e3

  • SHA1

    63fd7fa1d14f4e971ac6f9b48c0426c45e89b267

  • SHA256

    0746bb80d0d6493390cf482becae8c7908922825ab2fdb306f82e2aa4ef11895

  • SHA512

    51564fde65865d5672c1439b9aa15dac24e3504df875e30783d08c7daf1b8e552d014a53e751247934b6f85257c0c9a1030469f9482cec7e628fb6097976233e

  • SSDEEP

    24576:r0aclh1X8x4TS8jTEJXRiAS1uoaJoZ8s8v65eu6Rn7pNb:r4DoJhiFoJo/8yQuEn

Malware Config

Extracted

Family

lumma

C2


Attributes
  • build_id

    87d6d96b7dff409b5339f2d55997fc666193

Targets

    • Target

      𝑺𝑬𝑻𝑼𝑷.exe

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Enumerates processes with tasklist

    • Target

      $TEMP/Terrorist.htm

    • Size

      48KB

    • MD5

      4bfc395d29b8efde7fa99f97a49c454a

    • SHA1

      3bc94db2e479b196e042e2b20a62f91582abe234

    • SHA256

      183bfe39632a452e4633b776b4c55b0934c011afb4f62003f3b9d13a9cef690d

    • SHA512

      81f6f81dfa9afb38485ad345aa647857519935bedef059261cee8be7b4d3bc2745954446a644eda557be69b53d3ef1c0b177337915b8a0bd77de34faabbfdc46

    • SSDEEP

      1536:3XYyqwTnZ9O3yn7x0zodKFI+hS7TsalhN0uzrDvk:Yyqwl9O3yNKBhyTsalz5rk

    Score
    4/10
    • Target

      NtCrafts/Ampland.htm

    • Size

      87KB

    • MD5

      e9c66e601291abd5792c72663b21ff70

    • SHA1

      1a2e074481aa45175a22e533a6d22d939c73db7e

    • SHA256

      e4a27420ceaef2ed530bdfd684f3d32c5626ec4c5b2eb7a0b7c2c9ff39431053

    • SHA512

      15211d907f0b5012e2858acc6eb0337efbbe4ed6ca9892b94243e5ba00ce9d67d614a6512cbaf493c1e01205a7d6b1f9d3f867c04476bee81c758a69d0df413c

    • SSDEEP

      1536:TiRirST4gh4MatQbtQk1Oz+CaHJmf3Yk9A08A7U+bH+NYVDDwsEwK4J03BDg640:TiIrxtQuq/8jJVD03wj035gL0

    Score
    7/10
    • Loads dropped DLL

    • Target

      NtCrafts/Country.htm

    • Size

      87KB

    • MD5

      44416b1b56da19ee11edf99c98a98b46

    • SHA1

      f411bc9c7c5009b3e9fc4bc28b58343dbe3929ee

    • SHA256

      b4db06d977794c81f4e2f1e6c581d646b4055ee68517e4bc43fd2bdca67ae6e7

    • SHA512

      2cd5e9cd73f24f51076c0f5966b283a505f9c3c3c68320b093ba39f85a3e99a567e8dbd86700128296e7574ae8a401ad085322cfcba9225261916e23a1b0ae6a

    • SSDEEP

      1536:tveyFhtwSBkR2CqARZrQiyfjiruj9GdYII6FxhGQ1utYCK9U7fdYh:tGyD6NR2CqAMiajirOpR6FJ1uSVodYh

    Score
    4/10
    • Target

      NtCrafts/Entrance.htm

    • Size

      25KB

    • MD5

      a4886f85317924eb6a5b6f05f3ad481e

    • SHA1

      0b9dc35f9ffc1f8fca18d52aab86d6d5af5c1ac0

    • SHA256

      4a1050bc9b984ac01784dad08174da0b78259f733bf7795ff53aa27f67f0c0b0

    • SHA512

      d3af9b6273b9654ca870bc713bd544b2545bd7e68b175ba073f127a9ef586d080b502012005c4587997fa9ce32ae77c8deef01f32103721adba70323604eea89

    • SSDEEP

      768:bUZUytGWeviy55023YpU9Ol9UXLEnagy6qwvA:bUZUKG7vi9VcOl9UXLEn3y6qwY

    Score
    4/10
    • Target

      NtCrafts/Focuses.htm

    • Size

      58KB

    • MD5

      21b005cad165eaf10a897482c5bdaa0f

    • SHA1

      c8eb3508b92ac888ce373a999c920d142bd316e4

    • SHA256

      15ea4296d8e8edb88431d5002f50a19b4ae837d423464221188df2899fbb1df1

    • SHA512

      519b5633132e64fe1b2b4a39c36f7cbaf0f1a476244b4e0684f5aaf5a2e2f54a1a338d6c9dc91feeb9cf7e9c92ff40f4ec20967765709226efa51c376192bfef

    • SSDEEP

      1536:o5p8EOye0p0IGQHtQloQ4/OId4k1APgDQv86yL:WO0KSe33k1+/vnyL

    Score
    4/10
    • Target

      NtCrafts/Horny.htm

    • Size

      71KB

    • MD5

      4eeb7f475dbc44bea2a70716663ff93e

    • SHA1

      4fbe06282251a69fa003ee9379fa3da07b27d6d8

    • SHA256

      76e47782e215677556fcccda36766e441831f21a6916ecc8811e27f902f1e358

    • SHA512

      ff6cfbe7f9fa5bfc11c49a1652a3cbbd098cd69eeeb4412ad079bc9cc0f25cff79871bdf3ea2cc46d4db37efb407709e213cc5a535434beb763782634efdbac2

    • SSDEEP

      1536:QXeuYci3apzPSd7mF1RLAcyUlnfhYvDTkyYvbIgBCpo/:Qva38bR3RL3yUNhYvDI/Ik

    Score
    4/10
    • Target

      NtCrafts/Marriage.htm

    • Size

      68KB

    • MD5

      cb9e8414d6bd90a6cbecac3c81b34b96

    • SHA1

      d7a73b810897964783123dcedbee58809074a719

    • SHA256

      242b3e7769efb44434b5d1889fc4190648d5bd35a9c8dc258182686f6a579ea6

    • SHA512

      f905f7100263391d0af7604f2206502bad6763d3befde5ca8771a8590d746eacfc82567bda148d33d5f17b03ac6566ca3d40b93212e31b31969394ea77e5aa14

    • SSDEEP

      1536:EEHIii6VVfFBA3REzMi3ZtFXHu+QE/0yI5T35tfQBdo0u:nzbL3A3mn3ZtFXHpQByI5T35tfQ/o0u

    Score
    4/10
    • Target

      NtCrafts/Suites.htm

    • Size

      61KB

    • MD5

      1958aead4438552dc00c32838262e1c2

    • SHA1

      811c4b49827d0689bfc5a717d699fe44351ade3f

    • SHA256

      6ada4a7663f1d11669aa37c0887278e2f5606c235747f744638436abedf2327a

    • SHA512

      2a5da037cf06103a5ba7bb1a4b4958dcc4a017c16c1b50d3653547358a03fb5f4b85f380309e44dd7778e0fd3a663b71d1e392a2297186af387c67243b9a6693

    • SSDEEP

      1536:FwD3StZGAfn4007TnEEnTu4m68X3rtptqPlKZnexoJEnIaK5L38S+oF6m:FntZGAfdmEEnRmlrlqPkZnjinfi86FL

    Score
    4/10
