General

  • Target

    cafdc98076941c6ece72b074279ed960_NeikiAnalytics

  • Size

    594KB

  • Sample

    240509-xlcwwacg44

  • MD5

    cafdc98076941c6ece72b074279ed960

  • SHA1

    690129fee529cdfa4a15ba51b7964c0dcee8b896

  • SHA256

    1f778b612086d25904decc12c95fa87d7a18a51272372b678a2dfadd4f593357

  • SHA512

    c468af8cc2699159d4b27a0b3d6f2110c4855773bc2229f7b3bc8ded21d554812a3772a62ef289e626472dd0cf21d941c255f288b1516d9e4bf2fc60288e3d34

  • SSDEEP

    12288:UzTl4S0IM2JhsLR2FMwavsjlE2C7frJxSZwKhS8FBz1m5L1ho/9/3007HjPIqdxu:U10IMt2FMw8

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://acceptabledcooeprs.shop/api

https://obsceneclassyjuwks.shop/api

https://zippyfinickysofwps.shop/api

https://miniaturefinerninewjs.shop/api

https://plaintediousidowsko.shop/api

https://sweetsquarediaslw.shop/api

https://holicisticscrarws.shop/api

https://boredimperissvieos.shop/api

Targets

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks