General

  • Target

    EaseUS Data Recovery Wizard Crack (SileCrack).rar

  • Size

    5.0MB

  • Sample

    240702-r1j1vaxble

  • MD5

    97695df73f8d88325d9b577d6c9d9fa0

  • SHA1

    7287704a75b97b56a0fc101cf791ea926019ac7f

  • SHA256

    68d08c983edad3cc12f76b4535717c5311c89b26700bf86a8843e48997b04f35

  • SHA512

    e8281b096ca7ee371d2abb9bad960d5dc60d101a6dc57b3dcd82f4cdcbdef07220befd4c1b08c56b480002e0eea44bf71d0aa3907dc379b6761f161e86c7d318

  • SSDEEP

    98304:45aYlU9dV2TFT1Z92XtHRK+SRF8t/GNah2GamLyFxo43exQN4ZF:IlU9Ip1jl+bsNuDax7i0U

Malware Config

Extracted

  • Family

    lumma

  • C2

    https://potterryisiw.shop/api
    https://foodypannyjsud.shop/api
    https://contintnetksows.shop/api
    https://reinforcedirectorywd.shop/api

Targets

    • Target

      EaseUS Data Recovery Wizard Crack (SileCrack).exe

    • Size

      5.1MB

    • MD5

      c13127f97d08d608b829c5a5ac8a26ae

    • SHA1

      e420560091ecae1aff6eb0da906d4b3173f78f65

    • SHA256

      4727831057d964540e10b26e564a8106b5d135647b95cf1f52008ae078e65686

    • SHA512

      c0d5b234089a3ea19038025508e65998f66313284c87aba3988bd026522c84697dc2dc3e132da7812a06d5d89c5597d6d14a7389b88f196637fec34750e75d44

    • SSDEEP

      98304:ysu9jR+khQvUjPjXrOkxoQhFXY2IAde4qshPJ80yRLZKkAU:ybjskesjvNVhFXUAA1shPJ80SwU

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Discovery

    Query Registry: T1012 (2)
    System Information Discovery: T1082 (4)

  • Command and Control

    Web Service: T1102 (1)

Tasks