General
-
Target
download_cosmic.rar
-
Size
56.4MB
-
Sample
230401-vqly8scg3z
-
MD5
b4cac8224725b3ab74ab1bd019fc62c8
-
SHA1
49174323b8600c0164c5cb00de6e365397374539
-
SHA256
b556fd97a3cbae84484802bbe688b6eae2fb7145ab7d5211bde3104ba76ff1be
-
SHA512
37f819c9640b956025c0c425e145f51644c23f6d8857b1b42711ff8a2f9fb19898d398bc0ba152f27779f3bae1828211589b01f822c1c7151773176b63dcfe02
-
SSDEEP
786432:17v+nGMHGwpylZW7BlMCfhQl/78QUR7Gy7RAxsmITaiXlC2RHeNpCbunfyyGS6va:GG8pmW7l5Qly1R6sQVfp5fyVS6vCcrz2
Malware Config
Targets
-
-
Target
download cosmic/Cosmicdrift_installer.exe
-
Size
56.4MB
-
MD5
8802cae80be800cc329f85eb5c9ddda3
-
SHA1
9382d00a9efb54d90e652488efc8edfe26559bfe
-
SHA256
87997aa1da4bef4ee8f31c4d499d8750167bc740d8795a70f3232fff8f2819cb
-
SHA512
d4dbfa35236a08c362c32bdfb4d59901bb38781e710eb763664b14c723cf7989180f3afade37fea42a01b4d4cb435c7c6a7e9e4d2ad75c724509148abaf19109
-
SSDEEP
786432:a7v+nGMHGwpylZW7BlMCfhQl/78QUR7Gy7RAxsmITaiXlC2RHeNpCbunfyyGS6vv:3G8pmW7l5Qly1R6sQVfp5fyVS6vCcrz7
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-