General

  • Target

    Codex.rar

  • Size

    10.0MB

  • Sample

    240422-12wwgaha6w

  • MD5

    f0a839bb26f65ab596ae7f7b83786a8e

  • SHA1

    9a9f5d005d080ed3efaaad9ce1b8375e0e21c711

  • SHA256

    1bca3713ce29b2515d57f04fa578dd48376645844895f4e7c66c0d6e7c95da86

  • SHA512

    4c0d3fcfb94272774168f02b299d3658696352283371189927ff679078ffd343f85d428ab44f0cf412f6d1e60a92aed7dcfdbee3cda088eeb14fc5f330bf614f

  • SSDEEP

    196608:XFBGVAqpIv39SuHDCDhBCZTMyKEA44RzBS0EXCRSrieZUc5dHRgy6:XFB93BmDhQlInzUScOeU8diy6

Score
10/10

Malware Config

Extracted

Family

lumma

C2

Targets

    • Target

      Codex/AlphaFS.dll

    • Size

      359KB

    • MD5

      f2f6f6798d306d6d7df4267434b5c5f9

    • SHA1

      23be62c4f33fc89563defa20e43453b7cdfc9d28

    • SHA256

      837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd

    • SHA512

      1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211

    • SSDEEP

      6144:QDyJst+jyCnzLp9hvHsPvPvPvS2JQvlojidPp:QDyJsvCnzZf4U1d

    Score
    1/10

    • Target

      Codex/Codex.exe

    • Size

      467KB

    • MD5

      70f6d06865408e4ebecce19dab22ea8b

    • SHA1

      7a5be2cd521dd1e51730f058db4a3a58288fdd8f

    • SHA256

      80446b2068c39aed04c4af46d71013f5f2bd9f435cdae425a0a5c602def4fe74

    • SHA512

      9632ac36a52fbf9ac09e4aaf33b13dd8047a66f76d3c3302b27b66fb63b54c2479c5b10ad41740461af45607dca7c8dfffdff7eef999ced62851e8928026aa5b

    • SSDEEP

      12288:C0tmAIxuYBgt3BeqVXhEsbRejDfVbby7Mpt:9qw534gKsVe/tiwt

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Suspicious use of SetThreadContext


    • Target

      Codex/libEGL.dll

    • Size

      431KB

    • MD5

      1ed91477a02e0e2a64e5e9f26bcea438

    • SHA1

      8058c2bd3342d8d882768188b1e5c45567a8dde9

    • SHA256

      a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03

    • SHA512

      c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5

    • SSDEEP

      6144:gbSSlxpHPDSDwFRSHXEU4alu73cwp1MmJw7r2qVmTsR6Lbg3y:q9lxdPewF43EDaG+0TP3g3

    Score
    1/10

    • Target

      Codex/modules/x64/d3d/d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      62a89e7867d853fee9ad07b7c9d64379

    • SHA1

      944a53602492187308352103d80ff27af1093abf

    • SHA256

      d412909f1b597045b856caecedfc677eb4708af00e5b70788a01fa6af49c09d9

    • SHA512

      7f66bf278222bf1079a3695ad55086ccc7d8b05d7db4f9a5bcbfe4ac8d82bc1a618b1c6dc675da61d47f48fce2b0670ce6f66db63e79e232604304cfc629d6d0

    • SSDEEP

      49152:FuupyuXyH+UquCXNNS5xUwZIe4GskWuyovqUfjyheLfRT5qSxvcZwfYYT3w4teA0:+RIovuTSxk8YeRvqak8Y

    Score
    1/10

    • Target

      Codex/swiftshader/libEGL.dll

    • Size

      445KB

    • MD5

      e7c8cd0bc5305a7c3c2a2c1f689744e2

    • SHA1

      de20c6420bd838e13867bb37256e1b25bf365942

    • SHA256

      48bfd2776bc58f386acddcdcad5161b1d7e3dc71a077cda5232b989da9081ae9

    • SHA512

      2d4436470c0c4c8127717fbfd863cf61af5be4575dad8241d8062dbf7fb84e2ae517eaa11c2a59f1ad2bad49dbc05b15acea62765379643ca51acf96f48b79c0

    • SSDEEP

      6144:RD5bSb+dOqrMEv3lKyEeWZJ+vAFpnLt53h30kjuhwZq0V:Sb+8qQEv3nInLt8CZtV

    Score
    1/10

    • Target

      Codex/swiftshader/libGLESv2.dll

    • Size

      3.0MB

    • MD5

      d9a5609d8da5bd558facf2617619ad2b

    • SHA1

      9debb66a376549ee795e9c049b3a685245e0a4b8

    • SHA256

      da9fc78eea721b8e51599a72053c569a6ba1cce64808544c428bd295f3ef3216

    • SHA512

      b461fa396bf58ac4989c61057502bd00493e920bfbc1c092a763699d660aef2b5e1aa9659000cc4fd0af0831043c18e01489c94733af06659d49fcfaac82e42d

    • SSDEEP

      49152:X+H0cC+Ib0QRnvfENDNA+3eOAPf6dLO7MacKYTA+OV38dgnU4nWQ+qJmMsFLufbE:uH0ttRipIsBGM

    Score
    1/10

    • Target

      Codex/vulkan-1.dll

    • Size

      715KB

    • MD5

      9663210f63cbf7a8d6b36a95d93dd119

    • SHA1

      0fc5c50984b2c9677b8ebce4d4518c1322ce4145

    • SHA256

      de7d4c0e859be24c5ae60b5dad2bbac62cb3b3812ab747ee73f4483c7a10dc88

    • SHA512

      a161dfbb6e40aebec9f33bda4c81f52f456731d76bd48edc1425a2593c75591d969d3a3394a105eae386902ec822de3f9099cd07964f96d4e204f3f0ff48e631

    • SSDEEP

      12288:x+Ru04Y7t/DlHZkyHQiKy99o1d+aXbF9r8PIoICdWG:xf1YZ/fkywby9m1IaXj8Ao

    Score
    1/10
