General

  • Target

    RClient.exe

  • Size

    734.0MB

  • Sample

    240505-rcf92sca7y

  • MD5

    5344aa62e1e2c009eec2947b439150e7

  • SHA1

    0442f6ad2de5f6e801e063929db95c1410907d08

  • SHA256

    94c2ffc0e88f2d574819b6995845d212d96594bc2e718219171f8e846ab84b98

  • SHA512

    f35366ec7bd463ef6cdcc3c374ab2fc5a64fe3ddcea235d7269ff20724242d7bd192edfaa798129e2fd331d7ececd2fce9bb8a299327632fccd21206e3936100

  • SSDEEP

    24576:jMwzbo5FiC54ag8p3Sjtbnx7iwAZeDSrMQKhju8be4yTp0P4H:jMwHEF1lg8p3CF0k3hjuAz4KK

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://chunkylopsidedwos.shop/api

https://acceptabledcooeprs.shop/api

https://obsceneclassyjuwks.shop/api

https://zippyfinickysofwps.shop/api

https://miniaturefinerninewjs.shop/api

https://plaintediousidowsko.shop/api

https://sweetsquarediaslw.shop/api

https://holicisticscrarws.shop/api

https://boredimperissvieos.shop/api

Targets

    • Target

      RClient.exe

    • Size

      734.0MB

    • MD5

      5344aa62e1e2c009eec2947b439150e7

    • SHA1

      0442f6ad2de5f6e801e063929db95c1410907d08

    • SHA256

      94c2ffc0e88f2d574819b6995845d212d96594bc2e718219171f8e846ab84b98

    • SHA512

      f35366ec7bd463ef6cdcc3c374ab2fc5a64fe3ddcea235d7269ff20724242d7bd192edfaa798129e2fd331d7ececd2fce9bb8a299327632fccd21206e3936100

    • SSDEEP

      24576:jMwzbo5FiC54ag8p3Sjtbnx7iwAZeDSrMQKhju8be4yTp0P4H:jMwHEF1lg8p3CF0k3hjuAz4KK

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks