General

  • Target: tmp
  • Size: 284KB
  • Sample: 240406-gmqalacb41
  • MD5: f7165a52a041844db0b95da4a7f75d03
  • SHA1: 10600ae13ebdadc4fac423edef8d59d9dfd58e4e
  • SHA256: c6030db29ca90d68093244ee0e1f77e6d0366630913f1fc651f599b16360451d
  • SHA512: 815633943702d1800cb9d295b9958cad8e0d2caa97b7e5790f8ec032bffb7e2d3a9c73d54b10134db19f299800deac722c05d7ca802159b74e464a1c129c73b1
  • SSDEEP: 6144:Lnb38rrCxKKNxbjGxTQm8lt9o1tpAh/7xY2mENDizSL3E9:zQyx/GJ8hotAh/7y2mWDquE

Malware Config

Extracted

Family

lumma

C2

https://cinemaclinicttanwk.shop/api

Targets

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks