General

  • Target

    Contract + Preview 24.05.zip

  • Size

    60.7MB

  • Sample

    240525-p45evacf5z

  • MD5

    88c6c412d811dbc3dd5fe11e7cb3b73c

  • SHA1

    05a76d4d2c62a0f71f52a4310aace441b1ab50c1

  • SHA256

    a68186f17773aa2ee0ce86b4fb2675f7688b238568b92606ed050cb540c69ec1

  • SHA512

    6573beb6285cbdb08b9bec70d70c688db3cb1d922b28d11e5e88bd5bfa692d34b4a395819f877c7b165d3ad3ef2ec7d0041d01df94b20040d6ce0a1123e5b737

  • SSDEEP

    1572864:T1YHI5YUXqJ21ki+cKvj5eb8hdy+FpA8ykDAYF51hzkI:TuHI5Fa+D+cKvAwRSIkI

Score
10/10

Malware Config

Extracted

  • Family

    lumma

  • C2

    https://listenmoutioncow.shop/api
    https://museumtespaceorsp.shop/api
    https://buttockdecarderwiso.shop/api
    https://averageaattractiionsl.shop/api
    https://femininiespywageg.shop/api
    https://employhabragaomlsp.shop/api
    https://stalfbaclcalorieeis.shop/api
    https://civilianurinedtsraov.shop/api
    https://roomabolishsnifftwk.shop/api

Targets

    • Target

      Corel Preview 2024/Instruction.docx.docx

    • Size

      88KB

    • MD5

      c4a1ed8a268609a1c3fcf548545a8c10

    • SHA1

      32f55fdf7869d33e24ff8523485184baf91ff698

    • SHA256

      ed94e2b9956470c75aa9149d2ba1750e59b465f5771b2f3b2c27feaa3aa91c25

    • SHA512

      c0d7449e08512a2b3560b35e36b800704ae0de51e162fbf7dea0e9c595cff4ad6a1653ad72f83bc1f36e2bbb2382c2742c19ebf856b4eb475d29ba8af995a0c8

    • SSDEEP

      1536:Ll3JZn2c1+nW2iLUetVJxZmOSPdkZtHb9GKzsakB5+1zRCO/8EIMG4xGZX:Ll3vqnW2GhLxMBeZdb9GKIakB5+1zD/S

    Score
    1/10

    • Target

      Corel Preview 2024/Offer.pdf.exe

    • Size

      71.1MB

    • MD5

      8564c524e183138b878135bfd324a23e

    • SHA1

      65fa02423a7af2c25235d89d9cca4c1a2c6d0264

    • SHA256

      0e336a760e9b1f32b38c52d0426f48648dec5b5a04f0766482a02a3f152c72fe

    • SHA512

      acc51199f6fb23e3dd728e679bcd1178f66547405bc32b6a2240660fdc272a6ea61650e5419d99b69e08a12442e51d1abd4ffbc5e4cb6a91b3d098850e77443f

    • SSDEEP

      98304:rEF26EMHK1hM4a3jReUhRny9EFhsViTu1D4KY7EpMWPCTbl5:hQRBXTTut4/oDPqb

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks