General

  • Target

    ExpLauncher.zip

  • Size

    5.6MB

  • Sample

    240428-nq3teseh91

  • MD5

    0a2a34ccba0f21a425c4a6ec53bcd2a3

  • SHA1

    9f4fb4c618b1799e789209bf456c5c5939021599

  • SHA256

    62f14a31d8b9baada6ee4b48cc8fc0dbef0079b4543f33c1e904f31a35ab2561

  • SHA512

    de317905df8144080d427b57482793b8c1e75b9855a58afd3156bd27c7fc01022adf01f56a5f15ec834d4295d61eb4a546212d930d6ebc9afa8deb7f05838845

  • SSDEEP

    98304:7D6atiKWki0YiPmj6DF81TGWuRh2G67HVdeGy9fH34569yHMsz4S89mGj53Up9Ef:XgKs0Yfj6D8uH2GoEf9w55H34SluEE5R

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://auctiongutollyjkui.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Targets

    • Target

      ExpLauncher/Launcher.dll

    • Size

      7.5MB

    • MD5

      cbb81f28c5a509e4f7e3e44bc7da74f8

    • SHA1

      47145f07bc7d0083d3bd13a9da44bac740952029

    • SHA256

      413bf9c2cff6fe7b97eae199683df7f6d648fad4c25cb6d0b7dce335eb69edba

    • SHA512

      bc863ebb2f5fd66f342be8befb49889dd275adb15cff95ed378e185190091589c8d1d7a8902ca889a7b2af81588c731bfa0a930f074fecadd9b47a082966079c

    • SSDEEP

      98304:koD5geAsEDKN0xOLy2MsmCkQejop7PGXleggxF:kfD/mexOLy0GoNPGXledT

    Score
    1/10

    • Target

      ExpLauncher/Launcher.exe

    • Size

      507KB

    • MD5

      df1bf2702959ac8ccb6c02baa0ccad6f

    • SHA1

      26c45e7cbd9a6d517a4edf6abb3efdb3a0199905

    • SHA256

      15f1881adb5f4f71fe77e478ff9f7c06e20c3b3d76152f9e7adac192a7cdea86

    • SHA512

      825bc9b3b2593ea9cc39ca22943a24f422f9e26197abcb0fc1fffc5fbd0358083db261e28a16683dede67510287aaa37ec454bf5d4f5cda5986d09105e23f011

    • SSDEEP

      12288:lbb0C98IHqLKz3w9vFVkcSo7USghCoRRIE0C3QeLXtC:CCVKwAzHSo7TSRT3Qe5

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks