lumma | f08d18ef54c1c42e9f1cb1425cc338ebc8de44b3307713d9a688406630a33862

General

Target

FоrtniteHack.zip
Size

1.9MB
Sample

240420-zfkqmshh9z
MD5

0dcf4480f1df3300f08512f5b2f8db80
SHA1

cdfbda645b49b7dc927e9ab892c60ff9164a577c
SHA256

f08d18ef54c1c42e9f1cb1425cc338ebc8de44b3307713d9a688406630a33862
SHA512

9a2fed856026d5b926d30940dcc09bb33ce7169aff4cc8efde8296f6636d2e4c318d91c028df81ae87d6119bf7681a6ca448278d6d58731dd6e97b8123107915
SSDEEP

49152:BVUsgjbMDXDKxOGNTot192/nE6xARGIYc+mskJi+UjnmTO41v5tbn3:BVj4QDXDK4sot1A/DaskJrUTmC41Btb3

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

C2

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Targets

- Target
  
  FоrtniteHack/FоrtniteHack/FоrtniteHack.exe
- Size
  
  2.4MB
- MD5
  
  98d67174a64d76751fe7f5f9b59acd0f
- SHA1
  
  8ff6b05c0d393f398d8bf7f217b61ef4559e5051
- SHA256
  
  2350036f4d3ada372336a56429281f96d7deefc637246ede1668ef6a33f7b4b1
- SHA512
  
  55cf83aeb444d8a084987924fd808ca96b94aca405d261fb3702c78387298c5604f8fb8391affe6901a3875581c487ea46ab25ce589862b7cd7b8129e26867b9
- SSDEEP
  
  49152:2uWXVMDdRolOyNTE91NaLnq6x8DGLyGC:hiSDdRoUYE910LJR
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  FоrtniteHack/FоrtniteHack/libnettle-8.dll
- Size
  
  304KB
- MD5
  
  7d656bf1de08addd054e728391ef3519
- SHA1
  
  5067ca56b6abfdf410aa102495c1cf6d6484fbd8
- SHA256
  
  1916c2878bdc6349d84d1c6c219a934926937fc23ceb77c97d88b945dc3d644a
- SHA512
  
  0bb955e4800df357a2d46625ff9234712b283f1c27ba9ddef788569f06c031710d3e0df73e91f20db989d522f687d95f42d331fa85bfeac4ecd36347405a783d
- SSDEEP
  
  6144:YmVFPSeCiKBNFkDk5X5lTqqDMwlFlwKuMN8:YYPSeCiyMk5/OqFl8MS
Score

1^/10
behavioral2
- Target
  
  FоrtniteHack/FоrtniteHack/libpng16-16.dll
- Size
  
  235KB
- MD5
  
  342b5f5b3ba11e867f0765d8fb2789ab
- SHA1
  
  57a95502936c033a667172ab3a73f9ce5a91651f
- SHA256
  
  74d4708664ee397fe2b5be139792cd188857e4b61d399b9b4d9562f140b46f0d
- SHA512
  
  8723d3a22daede770efc542a0efca284fede977abc0cb5b18712e076a2bd68504c032f395ec5643ccd189e76a30b7ee244a5448d60d8067555e16c51a7b64b8f
- SSDEEP
  
  6144:PnClFOtV9yvLwdZRLFfn4lShPNEoDHHpwpFLhKN5:PBVQgRLFfPh1E+HpeKD
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Loads dropped DLL

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3