Overview

overview

10

Static

static

3

!ŞetUp_51...up.exe

windows7-x64

1

!ŞetUp_51...up.exe

windows10-2004-x64

10

!ŞetUp_51...up.exe

windows11-21h2-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    !ŞetUp_51286--#PaSꞨKḙy#$$.zip

  • Size

    4.1MB

  • Sample

    240704-yarfkaxeke

  • MD5

    12e1b33c544e30e8924c46ba16fe3e79

  • SHA1

    9aba5f5b34535e902672a48eac3b21b036529fdd

  • SHA256

    0f94f6a5c219c17ba7c1c5d9be967e576c7a8f0e097a14706b13feed3aaafe7d

  • SHA512

    a1455b3cae107be0557122ff92cd59deb97415ea503c2fa13431566ea957ab2a43a4b8a6c46f73ec5b6b1cc33d9f48199c0c496c604f4aa8b80f9b7dd800ef13

  • SSDEEP

    98304:wHbApCD1dRk71DN18tpXL8Ut2UVWf99lW4gCb3Fk3:w8w1YDaHt2XVcYFE

Score
10/10
amadeylummaexecutionspywarestealertrojan

Malware Config

Extracted

Family

lumma

C2

https://unwielldyzpwo.shop/api

Targets

    • Target

      !ŞetUp_51286--#PaSꞨKḙy#$$/Setup.exe

    • Size

      1.1MB

    • MD5

      f975a2d83d63a473fa2fc5206b66bb79

    • SHA1

      e49d21f112ab27ae0953aff30ae122440cf164b9

    • SHA256

      6a2d3876003f6c68f824df4f0033564d8c230716908ba2e6c06ea1dd6d5f98e8

    • SHA512

      4af4ce56bf131432d488ed112f8858c1e1392d013c6ac0603f2fd70ed513091e35854c0f678efeab7fa9a551517c6b9698f40a92729112de4b852fa3c0c69d64

    • SSDEEP

      12288:IbCylcTVPbi7vT1K7n6HpVkg8KHIo5u0K1VmMxEnbuvuY2jTU+LHMA+nk2oG1ts:4lcTVPbikTMkg8KH/mmMxnvfphx8

    Score
    10/10
    amadeylummaexecutionspywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Downloads MZ/PE file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks