General

  • Target: !Fles-PAsw0rd__6644.zip
  • Size: 13.0MB
  • Sample: 240223-121vesaa42
  • MD5: cbc7e106d3ea26e250bd50a9925f09b2
  • SHA1: 17a6e1e1d986e06e1b3e3c5a2de058e5cde1d14f
  • SHA256: 2e047c49c54e92b0033c5ad04cb23495d70949e78898c74a1c255fc1e5fdc988
  • SHA512: c20ea2efa45678f6a75eaf0ec051af07410674cdc50034db8dd370ce9e0cbd8403b257264bb25ea93545f8fc5e54d58635bcc62bc9a58b7210587b57376ff5aa
  • SSDEEP: 393216:UyfIyk0d3UhS+rQzGVraIwYJpuRm2ZZkT0ky:UPP0d3UhwzuwYCRZST0ky

Score
10/10

Malware Config

Extracted

  • Family: lumma
  • C2:
      https://controlopposedcallyo.shop/api
      https://technologyenterdo.shop/api
      https://detectordiscusser.shop/api
      https://turkeyunlikelyofw.shop/api
      https://associationokeo.shop/api

Targets

    • Target: Ful_Activate_Setup.exe
    • Size: 3.3MB
    • MD5: 55076afc8f8de2df8f91fb2742bcda61
    • SHA1: c848bb01e859163b08ce4f58994b3d814dfdf700
    • SHA256: e3cb1b8edb969533e9299c4169b12df17a01d7516df943b486a785c986ceda30
    • SHA512: 70bf3d76b86b28aa4209a51469a4b2161c4253313849217b5e1267cb17f6279235b9ed18cd975aa48227401b48887f594b3be149531750638091afc51a425d26
    • SSDEEP: 98304:WNdaWWhvT90MSGmHUkC+UH9txcv0HGM62OQy:WNdaWWhvZ0MhmHUkxUH9tx1HA

    Score
    10/10

    Signatures
    • Lumma Stealer: an infostealer written in C++, first seen in August 2022.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks