General

  • Target

    6da00bda1f57dfa8a109b1a9e96813e46c8b52d65e21c13d63a5a6ce71c89212

  • Size

    1.5MB

  • Sample

    231214-glpbxadbd6

  • MD5

    7beccb41de223340982f9114185b90bd

  • SHA1

    9292ef55c3ae01653ad82be5d2c216bfa800e059

  • SHA256

    6da00bda1f57dfa8a109b1a9e96813e46c8b52d65e21c13d63a5a6ce71c89212

  • SHA512

    28646e61054e0129f8a2a08067e573bc50fe27e406278ec2f62e9b0661a5539b39d860fe64620ac217a3c932cbe58c5078e2a9aa81c4bd4ef9c971ed7f6133a3

  • SSDEEP

    24576:tyqEIiTOufPnV3Lrc9zmBkTwfXn0btzkDbQp82LjWo9FvVA+hNs2jyqqYyuNYfuW:IzTR3nV0hmNfX0btzkDbQG2rrVA+hWav

Malware Config

Extracted

Family

lumma

C2

http://soupinterestoe.fun/api

http://dayfarrichjwclik.fun/api

http://neighborhoodfeelsa.fun/api

http://ratefacilityframw.fun/api
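The four URLs above are the first things a defender wants in a block list and in a retro-hunt over proxy logs. The following Python is an added example (not from the report or the sandbox) showing how to turn them into a matcher: hostnames are compared exactly, so a look-alike such as `soupinterestoe.fun.example.org` does not match, and a second, lower-confidence rule flags traffic with the same shape as these endpoints (an HTTP POST to `/api` on a `.fun` domain). That second rule is my heuristic drawn from the config's shape, not a signature from the report; it exists because this family rotates its C2 domains, so an exact list ages quickly. The log format and the log lines are constructed for the example.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# C2 endpoints as extracted in the report above.
C2_URLS = [
    "http://soupinterestoe.fun/api",
    "http://dayfarrichjwclik.fun/api",
    "http://neighborhoodfeelsa.fun/api",
    "http://ratefacilityframw.fun/api",
]
C2_HOSTS = {urlparse(u).hostname.lower() for u in C2_URLS}

# Constructed proxy log (not real traffic). Assumed format: "<ts> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2023-12-14T10:01:02Z 10.0.0.15 GET http://www.example.com/ 200
2023-12-14T10:01:09Z 10.0.0.15 POST http://soupinterestoe.fun/api 200
2023-12-14T10:01:10Z 10.0.0.15 POST http://neighborhoodfeelsa.fun/api 404
2023-12-14T10:02:33Z 10.0.0.22 POST http://someotherhost.fun/api 200
2023-12-14T10:02:40Z 10.0.0.22 GET http://soupinterestoe.fun.example.org/ 200
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d+)$")


def classify(url: str, method: str) -> Optional[str]:
    """'known_c2' for an exact host match, 'c2_pattern' for the heuristic, else None."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host in C2_HOSTS:                      # exact match: no suffix/substring tricks
        return "known_c2"
    # Heuristic (my assumption, not from the report): same endpoint shape as the config.
    if method == "POST" and host.endswith(".fun") and parsed.path == "/api":
        return "c2_pattern"
    return None


def scan(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (client, host, verdict) for every log line that matches either rule.
    A 404 or failed request still counts: a beacon attempt is the signal, not success."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        verdict = classify(m["url"], m["method"])
        if verdict:
            hits.append((m["src"], urlparse(m["url"]).hostname.lower(), verdict))
    return hits


def blocklist() -> List[str]:
    """Hostnames in a stable order, ready for a DNS sinkhole or proxy deny list."""
    return sorted(C2_HOSTS)


if __name__ == "__main__":
    for src, host, verdict in scan(SAMPLE_LOG):
        print(f"{src} -> {host}: {verdict}")
```

When hunting, treat `known_c2` hits as confirmed and `c2_pattern` hits as leads to pivot on (registration date of the domain, other clients talking to it, the process that made the request). Because the sample carries four fallback C2s, a single host that fails to resolve does not stop the beaconing; block all four.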

Targets

    • Target

      6da00bda1f57dfa8a109b1a9e96813e46c8b52d65e21c13d63a5a6ce71c89212

    • Size

      1.5MB

    • MD5

      7beccb41de223340982f9114185b90bd

    • SHA1

      9292ef55c3ae01653ad82be5d2c216bfa800e059

    • SHA256

      6da00bda1f57dfa8a109b1a9e96813e46c8b52d65e21c13d63a5a6ce71c89212

    • SHA512

      28646e61054e0129f8a2a08067e573bc50fe27e406278ec2f62e9b0661a5539b39d860fe64620ac217a3c932cbe58c5078e2a9aa81c4bd4ef9c971ed7f6133a3

    • SSDEEP

      24576:tyqEIiTOufPnV3Lrc9zmBkTwfXn0btzkDbQp82LjWo9FvVA+hNs2jyqqYyuNYfuW:IzTR3nV0hmNfX0btzkDbQG2rrVA+hWav

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ and first seen in August 2022.

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand PayPal.
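Two of the signatures above (a dropped EXE is executed, and a Run key is added so it restarts at logon) describe the persistence a responder should look for on an affected host. The report gives neither the value name nor the path the sample used, so the following is an added example of the generic check rather than a description of this sample: it parses a `reg export` of the current user's hive, keeps only values under `...\CurrentVersion\Run` and `RunOnce`, extracts the executable from each command line, and flags those living in user-writable staging locations (Temp, Downloads, Public). The registry text, the value names and the location list are constructed for the example and are my assumptions.

```python
import re
from typing import List, Tuple

# Key headers we care about: HKCU or HKLM ...\CurrentVersion\Run and RunOnce.
RUN_KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]*\\CurrentVersion\\Run(?:Once)?)\]$", re.IGNORECASE)
# REG_SZ values in reg-export syntax: "Name"="data" with \" and \\ escapes.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

# Directories where a dropped payload is typically staged (assumption, not from the report).
SUSPICIOUS_ROOTS = (r"\appdata\local\temp\\", r"\downloads\\", r"\users\public\\")

# Constructed `reg export HKCU\...\Run` text (not from the report): one benign autostart
# and one entry pointing into the user's Temp directory, the shape a dropped EXE would leave.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"WinUpdate"="C:\\Users\\user\\AppData\\Local\\Temp\\7zS1234\\setup.exe -silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''


def _unescape(s: str) -> str:
    """Undo reg-export escaping: \\ -> \ and \" -> \"."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_run_entries(reg_text: str) -> List[Tuple[str, str, str]]:
    """(key, value name, command line) for every string value under a Run/RunOnce key."""
    entries, current_key = [], None
    for raw in reg_text.splitlines():
        line = raw.rstrip("\r")
        if line.startswith("[") and line.endswith("]"):
            m = RUN_KEY_RE.match(line)
            current_key = m["key"] if m else None   # leave Run keys on any other header
            continue
        if current_key is None:
            continue
        m = VALUE_RE.match(line)
        if m:                                       # hex:/dword: values are not commands
            entries.append((current_key, _unescape(m["name"]), _unescape(m["data"])))
    return entries


def executable_of(command: str) -> str:
    """First token of a Windows command line, honouring a quoted path with spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def suspicious_run_entries(reg_text: str) -> List[Tuple[str, str]]:
    """(value name, executable path) for autostarts rooted in a staging directory."""
    flagged = []
    for _key, name, command in parse_run_entries(reg_text):
        exe = executable_of(command)
        probe = exe.lower() + "\\"          # trailing separator so roots match as directories
        if any(root.rstrip("\\") + "\\" in probe for root in SUSPICIOUS_ROOTS):
            flagged.append((name, exe))
    return flagged


if __name__ == "__main__":
    for name, exe in suspicious_run_entries(SAMPLE_REG_EXPORT):
        print(f"suspicious autostart {name!r} -> {exe}")
```

On a live host, feed it the output of `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKLM equivalent); a flagged entry is the thing to hash with the first example and to correlate with the proxy hits from the second.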

MITRE ATT&CK Enterprise v15
