General

  • Target

    @!File_2024_ṔḁṨṨẄṏṛḒ#.zip

  • Size

    22.1MB

  • Sample

    240226-pfvwhadf4v

  • MD5

    54adc8b4bc902c29258e462250da3422

  • SHA1

    1f347e91f1312ec0d479c1b0ac2dcfd1d3f5cc7f

  • SHA256

    40f9b17280190d2c7b1a24c7af8bba25645c5b237af018dfdf0b0abfb7cb2f2c

  • SHA512

    651a72b4a8deef2d7c9fa378d35afb57313fc96799068246ae2d71d8f67fd4205d1d77501847134091b4f76237c454b3e6d36f503d5604a2e3df09b412021371

  • SSDEEP

    393216:1XCAx/4rI0Tj4Q6FVVcmT5OIWxzbO4jvRV/ltcCSL8V8sp4ZzKyractX6LLM:oqqkQ6FVVcmTQFxz5vRZ/v3V99OkQ

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets

    • Target

      @!File_2024_ṔḁṨṨẄṏṛḒ#/@!File_2024_ṔḁṨṨẄṏṛḒ#.rar

    • Size

      22.1MB

    • MD5

      c43807cf5f333c58b4e0d007fd3d6a10

    • SHA1

      ec2769974494035f47bb924fcd41487753f88af7

    • SHA256

      5daea0e236791d060252b4e08b7c5e287d448891187ea0ca2b802e4ea1af9834

    • SHA512

      2e6a0991206b0baa8192ff08f9c068a7151e7c283aeab9483ab58aef105a4b9fb1338f0f209493abb87cbcc3a12a7fa79cf51c2dfdacfd71a4dcd529fa27bcf0

    • SSDEEP

      393216:YXCAx/4rI0Tj4Q6FVVcmT5OIWxzbO4jvRV/ltcCSL8V8sp4ZzKyractX6LLc:lqqkQ6FVVcmTQFxz5vRZ/v3V99Ok4

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15