General

  • Target

    updater.msi.zip

  • Size

    5.0MB

  • Sample

    240227-myjvvafd2y

  • MD5

    b10e825fe265911e6ac5462ba2b2556b

  • SHA1

    bce2a35258669855043e235fdeb35341d98000ee

  • SHA256

    c5a3407d4fe90acb290604aa260d14f5d5fa44473c39944a05c348c94f9a6da0

  • SHA512

    ba98cdb21608f194114baeacfbe836975eb45dc79023939cffda2065a2400a9d4d53e5dcc323492ecd8ab1c53acfd84d09bcb6e11ac1b16f2e64cb0464eb93f7

  • SSDEEP

    98304:dVmfRrsjpo2GGei9niDWbDlqQxJjii4dZ6tbRPaodiMGxrBbDL832sfyUDC:nmGjAXDWVqqJM6pRPaZMGrbDE2TUDC

Score
10/10

Malware Config

Extracted

Family

lumma

C2

http://zamesblack.fun/api

https://zamesblack.fun/api

Targets

    • Target

      updater.msi

    • Size

      8.3MB

    • MD5

      4b274f5177add19e1354e8ce7bc018de

    • SHA1

      80b5ce160232d37407a4888860be4bccc019b27a

    • SHA256

      a8c50ffe3602a16f747b8b19fb51883f25aa6d9f53f9f2c8fd73e0f6bda4218f

    • SHA512

      9c7cea2671ef94954ba751160167486c4651511a519f2413683626f791b485d259399cfd880ec15b5618dc9ad64305db1d2d0299bd0f5fe8c6db21c51494ff18

    • SSDEEP

      98304:VkIe+YjNoLRunRYsIdn3dZYs2cKkFPOlzBIlq8mBE9cl1C8XPS99:hdIQRunq3jymc8GzC8Xqv

    Score
    10/10

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks