General

  • Target

    b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4

  • Size

    1.5MB

  • Sample

    231213-tbsmssehar

  • MD5

    2a2c188847b06f275fb5ac1ad14b91de

  • SHA1

    39c40bc8122852b9b9aaa682629634148a2fc38e

  • SHA256

    b4d534630be481bfacd7661909edc509008fcaf3611d162a3e0f18520992f9e4

  • SHA512

    1a909b75234f4e03d63ff4bb9fbc3048596fbbaebe2c13098e09f20c80a032e02c25934c86519cd981731de2c1409c95cbdd61d168cd9f84841cad9c6225aedd

  • SSDEEP

    24576:2yCGLMlf1nV3frc9rXrMQuWbnvsCD5PWe6hqgcyu1YfmfLf:FdLMlNnVAJXrMRmnvTtp6hqgcyuWfYL

Malware Config

Extracted

Family

lumma

C2

http://soupinterestoe.fun/api

http://dayfarrichjwclik.fun/api

http://neighborhoodfeelsa.fun/api

http://ratefacilityframw.fun/api

Targets

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

MITRE ATT&CK Enterprise v15

Tasks