lumma | b800631ab0db1e2535aaa0d6c0de2e170b40c2583758cdb47b18bee239a7df47 | Triage

Submit
Reports

Overview

overview

Static

static

3

4 Dropped Samples.zip

windows11-21h2-x64

Sharing

General

Target

4 Dropped Samples.zip
Size

17.3MB
Sample

231207-175qkafh88
MD5

0d7401f6dc5c7f28b43301cd622fde99
SHA1

9fab1a2f8930719c3d141ad349671c75450c623e
SHA256

b800631ab0db1e2535aaa0d6c0de2e170b40c2583758cdb47b18bee239a7df47
SHA512

0cf43f043d9dcfb9053a403e674ad38d35a318ef7644c6c6c6d00486550f4d512802c93a7a9429702ac931b3d6b7a9f0b20bf2b00702448a36170a8f34e421a8
SSDEEP

393216:Pk8W3++o4LKRlC7/xZ7ajek8W3++o4LKVTuaqXq563NBF0wO:O33ql84d33gqEWNf0b

Score

10^/10

lumma redline @ytlogsbot livetrafic infostealer stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4 Dropped Samples.zip

Resource

win11-20231128-en

lumma redline @ytlogsbot livetrafic infostealer stealer

windows11-21h2-x64

14 signatures

1800 seconds

Malware Config

Extracted

Family

redline

Botnet

LiveTrafic

C2

195.10.205.16:1056

Extracted

Family

redline

Botnet

@ytlogsbot

C2

194.169.175.235:42691

Extracted

Family

lumma

C2

http://zamesblack.fun/api

Targets

- Target
  
  4 Dropped Samples.zip
- Size
  
  17.3MB
- MD5
  
  0d7401f6dc5c7f28b43301cd622fde99
- SHA1
  
  9fab1a2f8930719c3d141ad349671c75450c623e
- SHA256
  
  b800631ab0db1e2535aaa0d6c0de2e170b40c2583758cdb47b18bee239a7df47
- SHA512
  
  0cf43f043d9dcfb9053a403e674ad38d35a318ef7644c6c6c6d00486550f4d512802c93a7a9429702ac931b3d6b7a9f0b20bf2b00702448a36170a8f34e421a8
- SSDEEP
  
  393216:Pk8W3++o4LKRlC7/xZ7ajek8W3++o4LKVTuaqXq563NBF0wO:O33ql84d33gqEWNf0b
Score

10^/10

lumma redline @ytlogsbot livetrafic infostealer stealer
- Detect Lumma Stealer payload V3
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lummaredline@ytlogsbotlivetraficinfostealerstealer

© 2018-2024

Terms | Privacy