General

  • Target

    FоrtniteHack.rar

  • Size

    478KB

  • Sample

    240225-aw5cjshh8y

  • MD5

    c5f981bd03c41727387fafc51c0e7733

  • SHA1

    36311d10792d81692027605c3bfa017dcd47fa59

  • SHA256

    f78001da911cf47b929b3d97dcad6cea0bde92ab02087f80694dfebc8ce9aae2

  • SHA512

    672867d2d1b01afed7e4b3dc6811bd98d0658d984dae257b32acca9d1f8e41c277347142931bf2e34b354ec0026af8b786c20fb6ba5042c461ac5728feed5de4

  • SSDEEP

    12288:40RLfXcLUqW7p47JIcwwaNU9pwsARjze6ItiMSruB:4+LfEUP0JIHw6/pCSO

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets

    • Target

      FоrtniteHack.rar

    • Size

      478KB

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      FоrtniteHack/FоrtniteHack.exe

    • Size

      468KB

    • MD5

      8b852cbf0b1bbf444ebd2c77f552c805

    • SHA1

      3d8211d3d0dc7160c5a521bb33f4798f1f5eb645

    • SHA256

      6c9b77655d90734fc9754ba92c004e80bbb662e325a42954a4df065f1384005c

    • SHA512

      e50fead8f489a2b0998d55dc584b548456a8e06cc47710e258c4a6a5ade76ea1c2454c0408f62d83e6d999b16e2fd7aed8d48928ccd19e8b7d1fb863cde73166

    • SSDEEP

      12288:TgG0n+NMoSDsim+8/Ndwtul/QmDaPJ4D6fdKtiDFNfUVHmA:Z0n+NMoSTmPFdip4UKtuNC3

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Target

      FоrtniteHack/libnettle-8.dll

    • Size

      304KB

    • MD5

      7d656bf1de08addd054e728391ef3519

    • SHA1

      5067ca56b6abfdf410aa102495c1cf6d6484fbd8

    • SHA256

      1916c2878bdc6349d84d1c6c219a934926937fc23ceb77c97d88b945dc3d644a

    • SHA512

      0bb955e4800df357a2d46625ff9234712b283f1c27ba9ddef788569f06c031710d3e0df73e91f20db989d522f687d95f42d331fa85bfeac4ecd36347405a783d

    • SSDEEP

      6144:YmVFPSeCiKBNFkDk5X5lTqqDMwlFlwKuMN8:YYPSeCiyMk5/OqFl8MS

    Score
    1/10
    • Target

      FоrtniteHack/libpng16-16.dll

    • Size

      235KB

    • MD5

      342b5f5b3ba11e867f0765d8fb2789ab

    • SHA1

      57a95502936c033a667172ab3a73f9ce5a91651f

    • SHA256

      74d4708664ee397fe2b5be139792cd188857e4b61d399b9b4d9562f140b46f0d

    • SHA512

      8723d3a22daede770efc542a0efca284fede977abc0cb5b18712e076a2bd68504c032f395ec5643ccd189e76a30b7ee244a5448d60d8067555e16c51a7b64b8f

    • SSDEEP

      6144:PnClFOtV9yvLwdZRLFfn4lShPNEoDHHpwpFLhKN5:PBVQgRLFfPh1E+HpeKD

    Score
    1/10
    • Target

      FоrtniteHack/libraryfolder.vdf

    • Size

      125B

    • MD5

      8760dccce6639e32519fae960c77e4c6

    • SHA1

      9b21a349868ebcb3c11764e12366d7f301cdff93

    • SHA256

      44d80569fa294e24ae57f189fe5a587f51e46e3ee2360b888b44d69b516c89b4

    • SHA512

      a980c5e8809b32606849e97a95b3a4b5e9e8b131cf69cd36fc60275ad7173eceaad3fc3a6fa03cc0cafbc2545076172e983c0734637ca11374f3e7f1bceadb84

    Score
    3/10
    • Target

      FоrtniteHack/options.txt

    • Size

      4KB

    • MD5

      65fb590f1386c03a055d6dec92694a11

    • SHA1

      1150a89ec66cba8f5f1c4298dbba3ead338e9824

    • SHA256

      844b5770d897dce925425aa264669840a2c726c11a7dedffa5f079f67dfea52c

    • SHA512

      be46912c945282bdd38d464b9e3dbd866857f87530a87b26ccdc1a0424d2187424c9af0ec9c5f7488cddef905fcb0a5c5df46af49a98351aa2862c6cca8089be

    • SSDEEP

      96:NRwKRxQVwRC8u6jIDv6bY3PyNbnUwiUQ4H6PDhD53jCDa2jADUj/WM6t62gKguYj:vPDtcv6bY3PyNbnUwiUQ4aPDhD53uDTd

    Score
    1/10
