General

  • Target

    YzE0OTBhZjk1ZmFmMjVhYmE0MzQwZWVmYmZkOGE2YjE.zip

  • Size

    16.2MB

  • Sample

    240226-qda9raef9s

  • MD5

    082e947416f5ee7d055b9240661ecec8

  • SHA1

    7427d2fc7ccbb73a02a407fbfe15cea152ddd2e3

  • SHA256

    ca42f3222eb97df4ae3cc73e4e9ffbc816f6cb30aece586eac7d7722c66d9b11

  • SHA512

    b61b3bed9e9b0dd5b5b712130db2810f136a050ea03a26ee3bd5eec810f097bc3a8c67685c6eea8f298c618dd7379c01400233ca59c1ddb52dd619ec1123d30b

  • SSDEEP

    393216:eT+6k58KX8dAT+6k58KX8daT+6k58KX8dUT+6k58KX8dO:56k58IQ6k58Iy6k58Ig6k58ID

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets (five entries: the archive and four .exe files; the four .exe entries carry identical hashes and are one binary under different names)

    • Target

      YzE0OTBhZjk1ZmFmMjVhYmE0MzQwZWVmYmZkOGE2YjE.zip

    • Size

      16.2MB

    • MD5

      082e947416f5ee7d055b9240661ecec8

    • SHA1

      7427d2fc7ccbb73a02a407fbfe15cea152ddd2e3

    • SHA256

      ca42f3222eb97df4ae3cc73e4e9ffbc816f6cb30aece586eac7d7722c66d9b11

    • SHA512

      b61b3bed9e9b0dd5b5b712130db2810f136a050ea03a26ee3bd5eec810f097bc3a8c67685c6eea8f298c618dd7379c01400233ca59c1ddb52dd619ec1123d30b

    • SSDEEP

      393216:eT+6k58KX8dAT+6k58KX8daT+6k58KX8dUT+6k58KX8dO:56k58IQ6k58Iy6k58Ig6k58ID

    Score
    1/10
    • Target

      ODc3ZDBiMmIwYTY5YmU1NTMwMDBmZGUxOTJiM2M5MDc.exe

    • Size

      4.1MB

    • MD5

      615e5f53a8973eff983aafdc746c5a07

    • SHA1

      927123a837a4110263320384c8a109b3c036c6cb

    • SHA256

      f785ca153f791e5996494ebf3c224e84f425e9a7338f08949ebe7edb2c99d7d7

    • SHA512

      24ad4219f195df9138d4a20baee4cc24f12cfe9f9a1ceb2cf375ded7a564090db9c87d82c3a851864226ce44906a32831c5e68298de01230c215193cd5519052

    • SSDEEP

      98304:szYVHLHegg3VTL4kOIlBsc4YY6IqKSc5J5yxA3bCrB:YYxHkL4UXsc4v+KSc5JkxGbCrB

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      YTEyNjUwYzQ0OWVjODZiNDE2N2Y2ZjgwN2YxMDY1ZmU.exe

    • Size

      4.1MB

    • MD5

      615e5f53a8973eff983aafdc746c5a07

    • SHA1

      927123a837a4110263320384c8a109b3c036c6cb

    • SHA256

      f785ca153f791e5996494ebf3c224e84f425e9a7338f08949ebe7edb2c99d7d7

    • SHA512

      24ad4219f195df9138d4a20baee4cc24f12cfe9f9a1ceb2cf375ded7a564090db9c87d82c3a851864226ce44906a32831c5e68298de01230c215193cd5519052

    • SSDEEP

      98304:szYVHLHegg3VTL4kOIlBsc4YY6IqKSc5J5yxA3bCrB:YYxHkL4UXsc4v+KSc5JkxGbCrB

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      YWQxNmIyY2RjN2UyYTc2NzE4NDNhYzk5ZTkxOTk4ZWE.exe

    • Size

      4.1MB

    • MD5

      615e5f53a8973eff983aafdc746c5a07

    • SHA1

      927123a837a4110263320384c8a109b3c036c6cb

    • SHA256

      f785ca153f791e5996494ebf3c224e84f425e9a7338f08949ebe7edb2c99d7d7

    • SHA512

      24ad4219f195df9138d4a20baee4cc24f12cfe9f9a1ceb2cf375ded7a564090db9c87d82c3a851864226ce44906a32831c5e68298de01230c215193cd5519052

    • SSDEEP

      98304:szYVHLHegg3VTL4kOIlBsc4YY6IqKSc5J5yxA3bCrB:YYxHkL4UXsc4v+KSc5JkxGbCrB

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      YzE0OTBhZjk1ZmFmMjVhYmE0MzQwZWVmYmZkOGE2YjE.exe

    • Size

      4.1MB

    • MD5

      615e5f53a8973eff983aafdc746c5a07

    • SHA1

      927123a837a4110263320384c8a109b3c036c6cb

    • SHA256

      f785ca153f791e5996494ebf3c224e84f425e9a7338f08949ebe7edb2c99d7d7

    • SHA512

      24ad4219f195df9138d4a20baee4cc24f12cfe9f9a1ceb2cf375ded7a564090db9c87d82c3a851864226ce44906a32831c5e68298de01230c215193cd5519052

    • SSDEEP

      98304:szYVHLHegg3VTL4kOIlBsc4YY6IqKSc5J5yxA3bCrB:YYxHkL4UXsc4v+KSc5JkxGbCrB

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext
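The indicators above (the file hashes under Targets and the two Lumma C2 URLs under Malware Config) are only useful once they are turned into checks. The following is an added example, not part of the sandbox report: it transcribes the report's hashes and C2 hosts into Python, matches a file's digests against them, groups the Targets list by SHA256 (which shows the four .exe names collapse to one binary), and scans constructed proxy-log lines for connections to the C2 hosts. The log format is a hypothetical one-line-per-request layout, and the host comparison is exact rather than substring, so a lookalike such as turkeyunlikelyofw.shop.example.net is not flagged.

```python
"""IOC checks built from the indicators listed in this Lumma report (added example)."""
import hashlib
import re
from urllib.parse import urlsplit

# Digests of the dropped .exe and the archive, transcribed from the report.
REPORT_HASHES = {
    "md5": "615e5f53a8973eff983aafdc746c5a07",
    "sha1": "927123a837a4110263320384c8a109b3c036c6cb",
    "sha256": "f785ca153f791e5996494ebf3c224e84f425e9a7338f08949ebe7edb2c99d7d7",
}
ARCHIVE_SHA256 = "ca42f3222eb97df4ae3cc73e4e9ffbc816f6cb30aece586eac7d7722c66d9b11"

# Extracted C2 URLs from the Malware Config section; only the host is matched.
C2_URLS = [
    "https://turkeyunlikelyofw.shop/api",
    "https://associationokeo.shop/api",
]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# The report's Targets list as (filename, sha256): four .exe names, one digest.
REPORT_TARGETS = [
    ("YzE0OTBhZjk1ZmFmMjVhYmE0MzQwZWVmYmZkOGE2YjE.zip", ARCHIVE_SHA256),
    ("ODc3ZDBiMmIwYTY5YmU1NTMwMDBmZGUxOTJiM2M5MDc.exe", REPORT_HASHES["sha256"]),
    ("YTEyNjUwYzQ0OWVjODZiNDE2N2Y2ZjgwN2YxMDY1ZmU.exe", REPORT_HASHES["sha256"]),
    ("YWQxNmIyY2RjN2UyYTc2NzE4NDNhYzk5ZTkxOTk4ZWE.exe", REPORT_HASHES["sha256"]),
    ("YzE0OTBhZjk1ZmFmMjVhYmE0MzQwZWVmYmZkOGE2YjE.exe", REPORT_HASHES["sha256"]),
]


def file_hashes(data: bytes) -> dict:
    """Compute the same three digests the report lists for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matched_algorithms(hashes: dict, reference: dict = REPORT_HASHES) -> list:
    """Names of the reference digests this file matches (case-insensitive hex)."""
    return [alg for alg, value in reference.items() if hashes.get(alg, "").lower() == value]


def distinct_binaries(targets) -> dict:
    """Group target filenames by SHA256, one key per unique binary."""
    groups = {}
    for name, digest in targets:
        groups.setdefault(digest, []).append(name)
    return groups


# Constructed proxy log lines in a hypothetical "timestamp client method url status" format.
# The last line is a lookalike host that must NOT match.
SAMPLE_PROXY_LOG = """\
2024-02-26T13:01:02Z 10.0.0.15 POST https://turkeyunlikelyofw.shop/api 200
2024-02-26T13:01:05Z 10.0.0.15 GET https://www.example.com/index.html 200
2024-02-26T13:02:40Z 10.0.0.22 POST https://associationokeo.shop/api 200
2024-02-26T13:03:00Z 10.0.0.22 GET https://turkeyunlikelyofw.shop.example.net/ 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def c2_hits(log_text: str) -> list:
    """Return (timestamp, client, host) for every request whose host is a known C2."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        host = urlsplit(m["url"]).hostname
        if host in C2_HOSTS:  # exact host match; substring matching would flag lookalikes
            hits.append((m["ts"], m["client"], host))
    return hits


if __name__ == "__main__":
    print(distinct_binaries(REPORT_TARGETS))
    print(c2_hits(SAMPLE_PROXY_LOG))
```

Running the block prints two hash groups (the archive and the single .exe binary with its four names) and two C2 hits, one per extracted domain; the lookalike host on the last log line is ignored.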
