General

  • Target

    NEXSUS.zip

  • Size

    1.5MB

  • Sample

    240407-wy8cwaag9x

  • MD5

    834003b316fd75fbefb4240a60004c48

  • SHA1

    bc1da11ebd2c4f146667088188eeeacf67539cd8

  • SHA256

    46973e4dda2b1ec2cd464943621ce24a9eeaa0a5fbc96aaf6ead4d1c5d74be88

  • SHA512

    00b95945859d197137ad97d7cb7ab0d3d25d732da5338f254931cce09f3caf9c7f792cc63f0b546df3cd4aa1a46e3cd4526ab2b19285be3bd80af56ebed43686

  • SSDEEP

    49152:nH7H4tKADaDLye80uB3yLKWGuEL7qwNbZDmwN:nH7H8KA2viOTGuEL7pfl

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://cleartotalfisherwo.shop/api

https://worryfillvolcawoi.shop/api

https://enthusiasimtitleow.shop/api

https://dismissalcylinderhostw.shop/api

https://affordcharmcropwo.shop/api

https://diskretainvigorousiw.shop/api

https://communicationgenerwo.shop/api

https://pillowbrocccolipe.shop/api

Targets

    • Target

      starter.exe

    • Size

      20.7MB

    • MD5

      30f9bb44c0a9f92ae0d6951e01ac4618

    • SHA1

      1e0504e1437d99ee192b83d5166f8a80accb29fd

    • SHA256

      e84678ba2a1c0e67ec2f6de0a623ce28fc98651c0772473f29e4d4a505fe6333

    • SHA512

      f271105cbf000ecf511808df5a490c9dd456c8e11464539229c8c07faf4cddb08aec4c90a9f12b143035b2c0d898da878b08a7da6c1bf882f0846710c14ef5bd

    • SSDEEP

      12288:WhfdeB/kXhpRWdholHMURjbDMqVJH3N1CTm1a7lEy3qRYiLvDXHFS:O8kXh+slHMUR3DDH91CZ7lR+YO5S

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++, also tracked as LummaC2, first seen in August 2022 and sold as malware-as-a-service. The extracted configuration above lists its C2 endpoints.

    • Drops desktop.ini file(s)
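The report gives two kinds of indicator worth operationalising: the eight C2 URLs from the extracted Lumma configuration and the SHA256 values of the archive and the dropped starter.exe. The following is an added example, not part of the sandbox report or of any Tria.ge tooling. It copies those indicators verbatim, then matches hostnames from a Squid-style proxy log (timestamp, client, method, URL, status; this column layout and the log lines themselves are constructed for illustration) against the C2 hosts, treating subdomains as hits but not look-alike domains that merely end in the same string, and checks file hashes against the report's SHA256 values.

```python
"""Match proxy-log hostnames and file hashes against the IOCs from this report.

Added example, not part of the sandbox report. C2 URLs and SHA256 values are
copied from the report; the log format and SAMPLE_LOG lines are constructed.
"""
import hashlib
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# C2 endpoints copied from the "Malware Config" section of the report.
C2_URLS = [
    "https://cleartotalfisherwo.shop/api",
    "https://worryfillvolcawoi.shop/api",
    "https://enthusiasimtitleow.shop/api",
    "https://dismissalcylinderhostw.shop/api",
    "https://affordcharmcropwo.shop/api",
    "https://diskretainvigorousiw.shop/api",
    "https://communicationgenerwo.shop/api",
    "https://pillowbrocccolipe.shop/api",
]

# SHA256 values copied from the report, keyed to the file they belong to.
KNOWN_SHA256 = {
    "46973e4dda2b1ec2cd464943621ce24a9eeaa0a5fbc96aaf6ead4d1c5d74be88": "NEXSUS.zip",
    "e84678ba2a1c0e67ec2f6de0a623ce28fc98651c0772473f29e4d4a505fe6333": "starter.exe",
}

# Reduce the URLs to bare hostnames once; matching is done on hosts, not paths,
# so a different path on the same host is still flagged.
C2_HOSTS = {urlsplit(u).hostname.lower() for u in C2_URLS}


def host_matches(host: str) -> Optional[str]:
    """Return the C2 host that `host` equals or is a subdomain of, else None.

    The explicit '.' + c2 check avoids false positives on look-alike domains
    such as 'notaffordcharmcropwo.shop', which a plain endswith() would hit.
    """
    host = host.lower().rstrip(".")
    for c2 in C2_HOSTS:
        if host == c2 or host.endswith("." + c2):
            return c2
    return None


def extract_host(field: str) -> Optional[str]:
    """Pull a hostname out of a full URL, a host:port (CONNECT), or a bare host."""
    if "://" in field:
        return urlsplit(field).hostname
    return field.split(":")[0] or None


def scan_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, matched_c2_host) for every log line that reaches a C2 host.

    Assumed (constructed) column layout: timestamp client method url status.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the sweep
        client, url = parts[1], parts[3]
        host = extract_host(url)
        matched = host_matches(host) if host else None
        if matched:
            hits.append((client, matched))
    return hits


def lookup_sha256(hex_digest: str) -> Optional[str]:
    """Return the report's file name for a SHA256 hex digest, case-insensitively."""
    return KNOWN_SHA256.get(hex_digest.strip().lower())


def hash_file_bytes(data: bytes) -> Optional[str]:
    """Hash raw file contents and look the digest up against the report."""
    return lookup_sha256(hashlib.sha256(data).hexdigest())


# Constructed sample log: one benign line, three C2 contacts (direct URL, CONNECT
# host:port, and a subdomain), and one look-alike domain that must not match.
SAMPLE_LOG = [
    "2024-04-07T10:01:02Z 10.0.0.12 GET https://www.example.com/index.html 200",
    "2024-04-07T10:01:09Z 10.0.0.12 POST https://cleartotalfisherwo.shop/api 200",
    "2024-04-07T10:02:44Z 10.0.0.33 CONNECT pillowbrocccolipe.shop:443 200",
    "2024-04-07T10:03:10Z 10.0.0.40 GET https://cdn.affordcharmcropwo.shop/x 200",
    "2024-04-07T10:04:00Z 10.0.0.41 GET https://notaffordcharmcropwo.shop/ 200",
]

if __name__ == "__main__":
    for client, c2 in scan_log(SAMPLE_LOG):
        print(f"C2 contact: {client} -> {c2}")
    print("hash check:", hash_file_bytes(b"not the sample"))
```

Host-level matching is deliberate: Lumma's configured path is `/api`, but pivoting on the domains catches the same infrastructure if the path changes, and the subdomain rule covers CDN-style prefixes without bleeding into unrelated `.shop` registrations that happen to share a suffix.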

MITRE ATT&CK Enterprise v15

Tasks