Overview

overview

10

Static

static

3

FоrtniteH...ck.exe

windows10-2004-x64

10

FоrtniteH...-8.dll

windows10-2004-x64

1

FоrtniteH...16.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FоrtniteHack.zip

  • Size

    1.9MB

  • Sample

    240420-zfkqmshh9z

  • MD5

    0dcf4480f1df3300f08512f5b2f8db80

  • SHA1

    cdfbda645b49b7dc927e9ab892c60ff9164a577c

  • SHA256

    f08d18ef54c1c42e9f1cb1425cc338ebc8de44b3307713d9a688406630a33862

  • SHA512

    9a2fed856026d5b926d30940dcc09bb33ce7169aff4cc8efde8296f6636d2e4c318d91c028df81ae87d6119bf7681a6ca448278d6d58731dd6e97b8123107915

  • SSDEEP

    49152:BVUsgjbMDXDKxOGNTot192/nE6xARGIYc+mskJi+UjnmTO41v5tbn3:BVj4QDXDK4sot1A/DaskJrUTmC41Btb3

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Targets

    • Target

      FоrtniteHack/FоrtniteHack/FоrtniteHack.exe

    • Size

      2.4MB

    • MD5

      98d67174a64d76751fe7f5f9b59acd0f

    • SHA1

      8ff6b05c0d393f398d8bf7f217b61ef4559e5051

    • SHA256

      2350036f4d3ada372336a56429281f96d7deefc637246ede1668ef6a33f7b4b1

    • SHA512

      55cf83aeb444d8a084987924fd808ca96b94aca405d261fb3702c78387298c5604f8fb8391affe6901a3875581c487ea46ab25ce589862b7cd7b8129e26867b9

    • SSDEEP

      49152:2uWXVMDdRolOyNTE91NaLnq6x8DGLyGC:hiSDdRoUYE910LJR

    Score
    10/10
    lummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1

    • Target

      FоrtniteHack/FоrtniteHack/libnettle-8.dll

    • Size

      304KB

    • MD5

      7d656bf1de08addd054e728391ef3519

    • SHA1

      5067ca56b6abfdf410aa102495c1cf6d6484fbd8

    • SHA256

      1916c2878bdc6349d84d1c6c219a934926937fc23ceb77c97d88b945dc3d644a

    • SHA512

      0bb955e4800df357a2d46625ff9234712b283f1c27ba9ddef788569f06c031710d3e0df73e91f20db989d522f687d95f42d331fa85bfeac4ecd36347405a783d

    • SSDEEP

      6144:YmVFPSeCiKBNFkDk5X5lTqqDMwlFlwKuMN8:YYPSeCiyMk5/OqFl8MS

    Score
    1/10
    behavioral2

    • Target

      FоrtniteHack/FоrtniteHack/libpng16-16.dll

    • Size

      235KB

    • MD5

      342b5f5b3ba11e867f0765d8fb2789ab

    • SHA1

      57a95502936c033a667172ab3a73f9ce5a91651f

    • SHA256

      74d4708664ee397fe2b5be139792cd188857e4b61d399b9b4d9562f140b46f0d

    • SHA512

      8723d3a22daede770efc542a0efca284fede977abc0cb5b18712e076a2bd68504c032f395ec5643ccd189e76a30b7ee244a5448d60d8067555e16c51a7b64b8f

    • SSDEEP

      6144:PnClFOtV9yvLwdZRLFfn4lShPNEoDHHpwpFLhKN5:PBVQgRLFfPh1E+HpeKD

    Score
    1/10
    behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks