lumma | 14abc00e02cdb2b79ab7add0eacded507ce221f6be30983f39d35971b98b003f

General

Target

10.zip
Size

1.7MB
Sample

240513-m5y84sbe2v
MD5

ab4e2ba0337b5bbe74a318bdf7530757
SHA1

56a7041f8608f5fb04986a13193ea23d2bd43b65
SHA256

14abc00e02cdb2b79ab7add0eacded507ce221f6be30983f39d35971b98b003f
SHA512

c34904579d646b51ae7155110973e4940b6dc761c85f06deac08387f58648261835cb33aa8717b1440f75a598e56a32e6e2a7c168921f951eea3ac04e2f85754
SSDEEP

49152:gOqU3UBSxBXF5JYpkjlA1oe5JsqxoEVrOXrrvJQ:0UP1/hEooJFeCS2

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://cassetteprodueiwo.shop/api

https://acceptabledcooeprs.shop/api

https://obsceneclassyjuwks.shop/api

https://zippyfinickysofwps.shop/api

https://miniaturefinerninewjs.shop/api

https://plaintediousidowsko.shop/api

https://sweetsquarediaslw.shop/api

https://holicisticscrarws.shop/api

https://boredimperissvieos.shop/api

Extracted

Family

redline

Botnet

@lubitel_vina

C2

147.45.47.93:80

Targets

- Target
  
  10
- Size
  
  1.2MB
- MD5
  
  8477eafd2be573d807b8c32fee286686
- SHA1
  
  c50767f89f8b793299ca235af4897e6ae3fa2365
- SHA256
  
  5eed47f3220c6af864a9c00083d1cbe259cb475bbf7bc4b2fb5a43531ee378be
- SHA512
  
  0f5f95610c6c60258db605850f66860bbb02b0ea7d4b30d30bae244f45781dd4b2efff281468ce5116e56a5202fce088ecce001e96b2926a98e588b58888efb3
- SSDEEP
  
  24576:EBXCi7JIK8li6v93OhlvTMsY5BeDXx398RQT265IOGsZ:EBSJli6v93OLiux5Tr5msZ
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  84
- Size
  
  1.2MB
- MD5
  
  76d4c89a924ca96a4db65a522147f75e
- SHA1
  
  1e004f69ef569a18658315c5afc08c8580ebda9c
- SHA256
  
  13820ab5054e6bd8631b6f04c151cd9199fa618b9e2b419d9a10ef9766d99058
- SHA512
  
  63db12832ccfe3bdc402a89e7e306ccead0f918eca43963214d638dea8261a9d52f0c2595db16d2874c989a390ee04db11477689255ec4d197f177a29774c68b
- SSDEEP
  
  24576:tlrDKi6JIK8luK3932JE9bMsYpZSD0GDxcCZ1oXM2VIisE:tlaKluK3932K6U+a1o7sE
Score

10^/10

redline @lubitel_vina discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  D2
- Size
  
  1.2MB
- MD5
  
  93b842eb7c577b84bb8ed645f504aa72
- SHA1
  
  d84bb9aa8a8ef35678d445df0b32425d49771bd2
- SHA256
  
  f5f4cab39d65c1d787e0ce217465c3d58afc9a739682da8f20900ec589a908dd
- SHA512
  
  011045983c7783968adfb3fa7094aa63cad010eaca852effc9506b0bb74a9b993d557e127ba5a3a1bd3c1d4de5a603f8cf6f17879fe915ed9c9e2a7fd1b09c84
- SSDEEP
  
  24576:/KxiiAH280V6GfVDeRzFZMskrfQDmUx5Da1adHJFsq:/KAOV6GfVDePey7pdJFsq
Score

10^/10

redline zgrat discovery infostealer rat spyware stealer
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral5 behavioral6