General

  • Target

    https://ju8765rtyh.pro/?rmxwKjRD5Wdc7EMH8QY4zkT9OvfnBh0iCgsqNXulJ2ILtePV6Gbo3yZSUaFp-Xmf27iuV1bgY0lCZFeskxyDEUQHnLJBTOa-VdPSK7cAv3ZeQtaUkxl0O4EWMXjhYwry6IpiLgFbfuJ1HN58s9nD2CTRzoB

  • Sample

    240225-rqmnzsee4x

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets

    • Target

      https://ju8765rtyh.pro/?rmxwKjRD5Wdc7EMH8QY4zkT9OvfnBh0iCgsqNXulJ2ILtePV6Gbo3yZSUaFp-Xmf27iuV1bgY0lCZFeskxyDEUQHnLJBTOa-VdPSK7cAv3ZeQtaUkxl0O4EWMXjhYwry6IpiLgFbfuJ1HN58s9nD2CTRzoB

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks