General

  • Target

    3678d9e3523fb670a0ecc7430e2ce1ae50398659826836e9fcf9b23fb91d0ccc

  • Size

    98KB

  • Sample

    240518-y5bzcsdf8w

  • MD5

    de69b64703c8d5bef28dde774d494c42

  • SHA1

    3f7921483d08b73bb73b25d272c88775d1ffda6c

  • SHA256

    3678d9e3523fb670a0ecc7430e2ce1ae50398659826836e9fcf9b23fb91d0ccc

  • SHA512

    5619e555fd3a66b83531b5882e08241787bd356596a4c20d83acb53a9aadb08947867874150873df0bb8c2319193673e8a7de81b3f9dcda1c8c39dfc071ef1da

  • SSDEEP

    768:tGIBEeHe8Z2cq6Iwz1y9jrpVqZCB2YwRyo8aXJV7/s1G:LBEA+6xz1y9jvqZaNw/8a5i1G

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://geneticsockkdwlsaw.shop/api

Targets

    • Target

      3678d9e3523fb670a0ecc7430e2ce1ae50398659826836e9fcf9b23fb91d0ccc

    • Size

      98KB

    • MD5

      de69b64703c8d5bef28dde774d494c42

    • SHA1

      3f7921483d08b73bb73b25d272c88775d1ffda6c

    • SHA256

      3678d9e3523fb670a0ecc7430e2ce1ae50398659826836e9fcf9b23fb91d0ccc

    • SHA512

      5619e555fd3a66b83531b5882e08241787bd356596a4c20d83acb53a9aadb08947867874150873df0bb8c2319193673e8a7de81b3f9dcda1c8c39dfc071ef1da

    • SSDEEP

      768:tGIBEeHe8Z2cq6Iwz1y9jrpVqZCB2YwRyo8aXJV7/s1G:LBEA+6xz1y9jvqZaNw/8a5i1G

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks