General

  • Target

    Laun4er__Pswrd---1231.rar

  • Size

    41.2MB

  • Sample

    240221-y1t95sfc76

  • MD5

    3d10c62113d2ec87c751e2dd67e61264

  • SHA1

    06fe2d11ef0901b9a248ef06b2c60c359333aed7

  • SHA256

    cfd40781f3f69a76ee270ab0f4a02acf173a22cbcd5cfa32da96a45f2d21b8f2

  • SHA512

    4b0ad5279c140a899a1eb18b144d5506554c86f67ddd34d2153cbb34a5f06a0e4be72e7f0cf6828f073c8eea92e2db7ea3146f62ea42ad3a2c1f9e1c566262cc

  • SSDEEP

    786432:J5zUS0cGAJofmd2ajW5nBQaeg4tqAjBE5UAbpd7ytXDA0J78QANaV2eIRoRwp:M8G+ofijWhbVA9EO6pdyZkM8QANeRwp

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://legatorypluralishrtw.shop/api

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets

    • Target

      Laun4er__Pswrd---1231.rar

    • Size

      41.2MB

    • MD5

      3d10c62113d2ec87c751e2dd67e61264

    • SHA1

      06fe2d11ef0901b9a248ef06b2c60c359333aed7

    • SHA256

      cfd40781f3f69a76ee270ab0f4a02acf173a22cbcd5cfa32da96a45f2d21b8f2

    • SHA512

      4b0ad5279c140a899a1eb18b144d5506554c86f67ddd34d2153cbb34a5f06a0e4be72e7f0cf6828f073c8eea92e2db7ea3146f62ea42ad3a2c1f9e1c566262cc

    • SSDEEP

      786432:J5zUS0cGAJofmd2ajW5nBQaeg4tqAjBE5UAbpd7ytXDA0J78QANaV2eIRoRwp:M8G+ofijWhbVA9EO6pdyZkM8QANeRwp

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks