General

  • Target

    Mia_Khalifa 18+.zip

  • Size

    67.8MB

  • Sample

    240221-v1gghace93

  • MD5

    48bde2cde8d0239e50da3612ccb0cc51

  • SHA1

    9b3fec60f264dcd99a31141c8a2bcb0a09f2bff6

  • SHA256

    3729104fc485ea9c5a752f6de9226ad5add663f528b8114050d0f958a68ae774

  • SHA512

    fd78a61b32d2fa1aeae80b375189b84d3e30852bdf770b78c4c6d05a91d02c196872da8c71a09058f812e07c4faaf1f699a58ab606a84cddf2baa2818bcaaee9

  • SSDEEP

    1572864:QITfzLPkhaZfjzOo534Y9Qocnw5p78Lx6rP514ReSHneyISp:QGfH3yo5x9Jcnw5pIteBeMSHeo

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://gemcreedarticulateod.shop/api

https://secretionsuitcasenioise.shop/api

https://claimconcessionrebe.shop/api

https://liabilityarrangemenyit.shop/api

Targets

    • Target

      Mia_Khalifa 18+.zip

    • Size

      67.8MB

    • MD5

      48bde2cde8d0239e50da3612ccb0cc51

    • SHA1

      9b3fec60f264dcd99a31141c8a2bcb0a09f2bff6

    • SHA256

      3729104fc485ea9c5a752f6de9226ad5add663f528b8114050d0f958a68ae774

    • SHA512

      fd78a61b32d2fa1aeae80b375189b84d3e30852bdf770b78c4c6d05a91d02c196872da8c71a09058f812e07c4faaf1f699a58ab606a84cddf2baa2818bcaaee9

    • SSDEEP

      1572864:QITfzLPkhaZfjzOo534Y9Qocnw5p78Lx6rP514ReSHneyISp:QGfH3yo5x9Jcnw5pIteBeMSHeo

    Score
    1/10

    • Target

      Mia_Khalifa 18+.msi

    • Size

      64.5MB

    • MD5

      a347250844a6e54c27bd5fcc464dae85

    • SHA1

      3b27a896233eb882d1475f773836bf69d1c3bddf

    • SHA256

      bfa7a13a97f61cc63ae748ad806978d11391a5c17b1a8a8f4fbaadf07f4e0891

    • SHA512

      9b9b3776ee46ed61bb9ecf8b9c04a4607097c88a873616ab83b21c5a1fde304424191d5399899b1665f9d99824d3243e3cc29a9358a857872c93f7e6aa0a5935

    • SSDEEP

      1572864:Y4pJnZxr9EOH5skMiNRvKT8SVNWX/nNKRtYA3X8gHAn/VIK:YgJL3svi3iTNVNWX/n0rDnNgn/G

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks