General

  • Target

    Lutrix.exe

  • Size

    4.5MB

  • Sample

    230310-2vbsdshe2v

  • MD5

    8a0dfeea924d5faf4025d9ac7aa393a4

  • SHA1

    1da14c08a5f6c6b7efc4ddf4ba8087de7578c1e4

  • SHA256

    2c329e073c0332b62859ee25d3953388d521961a5731d43633a948459c2a80fc

  • SHA512

    b4b752d2b16616f62074890ed5483f5944cf5d578ba5d802da2eafa1c550e2595e87245ad91d93ec7a7401980efe885065f08d5e58d41889778c08b52c978361

  • SSDEEP

    49152:jjk7QkVV6AtEz7BYU8+/391+SUAx5lPqy4U/m4HccJYAYbEr8vzTwSgO79Ku:jjk7StYUjvllq4/mZ1AYbEr8F

Score
10/10

Malware Config

Extracted

Family

lumma

C2

45.9.74.78

Targets

    • Target

      Lutrix.exe

    • Size

      4.5MB

    • MD5

      8a0dfeea924d5faf4025d9ac7aa393a4

    • SHA1

      1da14c08a5f6c6b7efc4ddf4ba8087de7578c1e4

    • SHA256

      2c329e073c0332b62859ee25d3953388d521961a5731d43633a948459c2a80fc

    • SHA512

      b4b752d2b16616f62074890ed5483f5944cf5d578ba5d802da2eafa1c550e2595e87245ad91d93ec7a7401980efe885065f08d5e58d41889778c08b52c978361

    • SSDEEP

      49152:jjk7QkVV6AtEz7BYU8+/391+SUAx5lPqy4U/m4HccJYAYbEr8vzTwSgO79Ku:jjk7StYUjvllq4/mZ1AYbEr8F

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks