General

  • Target

    norecoil script.exe

  • Size

    316KB

  • Sample

    240420-vl5ksadg2y

  • MD5

    8b730495ac0cdee27dbf2f7208138d3f

  • SHA1

    1c5b64c2b264ab43fab933177c451a9dcb7d2b43

  • SHA256

    c0a167af284867cf1d0ffa9162a945cd1feb5bd2857c95caa4cc5d8cfec26476

  • SHA512

    7ccff1526bf7cf197cb2da77bf39c041a88d49b04e050cbec0b0cdadee18a8ee4a7e56b09a35fa22e46de528fd8a9c566bba4b1c856b7ffb3a5e638430cc0cbf

  • SSDEEP

    6144:pxTruR4yVpzDhb1rvPUrzNeGy8/XRsLOM8yMXX7DmxvX:pxnu5zzrIzEUXmCM8yMX0

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Targets

    • Target

      norecoil script.exe

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks