General

  • Target

    WerboPack.rar

  • Size

    20.5MB

  • Sample

    240407-vsd2eahh87

  • MD5

    40a10902d1d28bbde2f14125c02e9728

  • SHA1

    4fdf498b1fed83467b3c3028c8332596f95f8ff6

  • SHA256

    40f16ab6bb3d428d1398163549e5cf817374a75aacf174c7f357c0056c51b2c1

  • SHA512

    72820869609f11edf7bff47dc791cb81ebbab05f664b106ce162a7d46ad40845f78d8414a2bba16e474fd63f38be6ed1fa0f5ac947068e3b880ccf1f1b515504

  • SSDEEP

    393216:7RXYtxjkyCUnApsKjRP65FombK1Mc/PaePQNhZkdDBdyzJSUtL88yFq:7hY7d/nKsgRPsomuP/PtPQhKDBkNSq8a

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://birdpenallitysydw.shop/api

https://cinemaclinicttanwk.shop/api

https://disagreemenywyws.shop/api

https://speedparticipatewo.shop/api

https://fixturewordbakewos.shop/api

https://colorprioritytubbew.shop/api

https://abuselinenaidwjuew.shop/api

https://methodgreenglassdatw.shop/api

Targets

    • Target

      WerboPack.rar

    • Size

      20.5MB

    • MD5

      40a10902d1d28bbde2f14125c02e9728

    • SHA1

      4fdf498b1fed83467b3c3028c8332596f95f8ff6

    • SHA256

      40f16ab6bb3d428d1398163549e5cf817374a75aacf174c7f357c0056c51b2c1

    • SHA512

      72820869609f11edf7bff47dc791cb81ebbab05f664b106ce162a7d46ad40845f78d8414a2bba16e474fd63f38be6ed1fa0f5ac947068e3b880ccf1f1b515504

    • SSDEEP

      393216:7RXYtxjkyCUnApsKjRP65FombK1Mc/PaePQNhZkdDBdyzJSUtL88yFq:7hY7d/nKsgRPsomuP/PtPQhKDBkNSq8a

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks