General

  • Target

    askew.zip

  • Size

    3.3MB

  • Sample

    240222-km6jcsfd76

  • MD5

    cf3eb43b920df93accfbe01fbf419cb6

  • SHA1

    1b67e138eb19ca82a0bf2d1545a576de0da1942d

  • SHA256

    b3a82223d5358099fa3be275454704dc654230179c48d3963bf8409edd50d3f8

  • SHA512

    0899b7226831c70fcfd13a4a2436f3cc2da5c3bdf759f26e2b74d3ba3afb531a541ec8d9fd1b5f451ba9d14e15c6888e69db4b30feedd1837dc8299966ace22e

  • SSDEEP

    98304:mbnliaNrm+stC44CHUCEM2382ryWNhZ5Z+X:mbhrNskZM237yWznMX

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://syncarpiajanapiom.fun/api

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets

    • Target

      askew.zip

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks