General

  • Target

    screens.zip

  • Size

    19.6MB

  • Sample

    240525-af6wfafg8w

  • MD5

    e23247a5d6be1a193dee4184763ecaaa

  • SHA1

    d03d1eb8becacf1bcab68ae25545afc03f4ada48

  • SHA256

    db833ab5dc35ad82c1d1bb3ed097fffe4919216229140e6b9bebdf6a6f22894b

  • SHA512

    615b60de3bb7415aab83d47ce92de146d14a40390d1b22441e237e07e372caaedd484d8529e505065915bfaff7b9514ebdbd22b5119f6e3c29443b580afcc447

  • SSDEEP

    393216:nzNm8XrFv51CTnGvZYVkE4Vm9AFvrt1ckrwpPG4+zygVxurbTS:zA8XZh1asmf4I9Cvrt1cQ9ZVxGfS

Malware Config

Extracted

Family

lumma

C2

https://wastwfulldashiwnjs.shop/api

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://employhabragaomlsp.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api

Targets

    • Target

      DepthsRevivals.exe

    • Size

      6.1MB

    • MD5

      4864a55cff27f686023456a22371e790

    • SHA1

      6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

    • SHA256

      08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

    • SHA512

      4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

    • SSDEEP

      98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      msimg32.dll

    • Size

      44.9MB

    • MD5

      b5f59b6995aebcc5d59d7f1b87333feb

    • SHA1

      3e6e1b41e93059517fd6675cbb3919d4de6d4c91

    • SHA256

      3ba98e952dac1f26679caf47bdd8662f78d8826ae030919b6b0ade9352f33b17

    • SHA512

      5df700664897d1fac422ff887238c641a2797901c9f664802da234ca999e32e08da55a4e237f7f785fab8ec34c5a1057aa2554ff0c49b6301cb31066173f96d8

    • SSDEEP

      786432:/UP7GCGO7t0Srkx/tC0SzIdSwh/WxbpNHQD3trzRp23:/UP7GCG6iSrkx1hSzYsHQD3t/RE3

    • Score

      10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks