General

  • Target

    302ec5af12ccc15b5771b3ed2b951ddc708f757c2103a1d6e71790f03902025e.unknown

  • Size

    73KB

  • Sample

    240227-fv4brahe3z

  • MD5

    d5f4e13e7b8a0d81a36b2788271894b8

  • SHA1

    df4b3c0c6acad446b1df50bdba61fc22313748be

  • SHA256

    302ec5af12ccc15b5771b3ed2b951ddc708f757c2103a1d6e71790f03902025e

  • SHA512

    bda4a2852259873eef6fda79f1e122fda3a04f8e3cf3ca611134901af555ada10d783d86ffd8723c4f75af158a64626fb78bb7cbbf5a53a8ceaf9326a5da3f81

  • SSDEEP

    768:ESE2T0mcfIRTUI9XTV4jnl20LgGVO+/unhi1zOz:3E2T3cy79XTVmnI0kG8ti5Oz

Malware Config

Extracted

Family

lumma

C2

https://executivebrakeji.shop/api

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Targets

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • UAC bypass

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks