lumma | 28794b11097d9740a1bfce3e06458bccdccc167ceb75a140b4d031d052528d10

General

Target

28794b11097d9740a1bfce3e06458bccdccc167ceb75a140b4d031d052528d10.exe
Size

5.1MB
Sample

240421-bdxenafb6s
MD5

c7eea9d0d8f7bf74bd7c25990458bcf8
SHA1

4a03f78ca6f3df3c692ad31d2bdee7cb58b86c3d
SHA256

28794b11097d9740a1bfce3e06458bccdccc167ceb75a140b4d031d052528d10
SHA512

f96c4065120546987623633edfbd3568207bb92c6740eded13f69809b388085d29702f32fe26069f661a671b7e43e4f6050876e7d2514f71a5ed866535dae0bc
SSDEEP

98304:HkCjNtZ5Zo/Lq84Ti1hG9mzE1HKzf9hdspe0GZNfb9eTGf:HkEP5e/Lq84Ti1I6E1HUcSvb9eTGf

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://rocketmusclesksj.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Targets

- Target
  
  28794b11097d9740a1bfce3e06458bccdccc167ceb75a140b4d031d052528d10.exe
- Size
  
  5.1MB
- MD5
  
  c7eea9d0d8f7bf74bd7c25990458bcf8
- SHA1
  
  4a03f78ca6f3df3c692ad31d2bdee7cb58b86c3d
- SHA256
  
  28794b11097d9740a1bfce3e06458bccdccc167ceb75a140b4d031d052528d10
- SHA512
  
  f96c4065120546987623633edfbd3568207bb92c6740eded13f69809b388085d29702f32fe26069f661a671b7e43e4f6050876e7d2514f71a5ed866535dae0bc
- SSDEEP
  
  98304:HkCjNtZ5Zo/Lq84Ti1hG9mzE1HKzf9hdspe0GZNfb9eTGf:HkEP5e/Lq84Ti1I6E1HUcSvb9eTGf
Score

10^/10

lumma redline zgrat infostealer rat spyware stealer
- Detect ZGRat V1
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

Lumma Stealer

RedLine

RedLine payload

ZGRat

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2