General

  • Target: LaunchBFH.exe
  • Size: 927KB
  • Sample: 240225-nryk4aaf65
  • MD5: d3c1c1a07fc43292e7e29e57c752d4c5
  • SHA1: 378c2bf9ece8f5db60f56fda569d24c413d64b55
  • SHA256: 80441fcf20760b653d36c4bc78c58c9e05b190e811767c7ed523a904e53b0684
  • SHA512: d16e8e1da988314de0a130d67fe9f8eacd4c49084ed8e122ad11b2a8e0401fc1e1d1bd48f1cacd9742a447719390d93b5c1d32ef366502553a162740f3978adb
  • SSDEEP: 12288:SdPEXbCuPYDfFyTxAgY1jggLXKHeH82f3Mp6ot7amxgtxBR3Z2txznbQb0YNDSry:SlEXbCjFjgYlyFW3Mam6txBe91fPQ+Te

Score: 10/10

Malware Config

Extracted

  • Family: lumma
  • C2:
    https://assumptionflattyou.shop/api
    https://technologyenterdo.shop/api
    https://detectordiscusser.shop/api
    https://turkeyunlikelyofw.shop/api
    https://associationokeo.shop/api

Targets

    • Target: LaunchBFH.exe
    • Score: 10/10

    • Lumma Stealer
      An infostealer written in C++, first seen in August 2022.

    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks