Resubmissions

  • 25-05-2024 14:55 · 240525-sasezagd3s · 10

  • 25-05-2024 14:49 · 240525-r7fxrsgf63 · 10

General

  • Target: FILMORA 13 (BY JOCO).exe

  • Size: 1.1MB

  • Sample: 240525-r7fxrsgf63

  • MD5: acb5eba73001eca23e1318e6e412d325

  • SHA1: 1fe56d785650016ee6c1ef61789c87bac50455e0

  • SHA256: a876e5b597b87eed8c8065ceed5527ac56bbefb92bc37e1b4fee53a8828f9c80

  • SHA512: 3e83be0ec63a56817baffc1ee41f7c19e3e2305ae48a157e42ee34488b8b6420e36203cd952a670da39aeaf1d476ad507466c3c588e88bc89330cecbb908bdde

  • SSDEEP: 24576:kI0Jn5RrhGTWAiFAIBifnwnN9SKi1cpMbPIY8bl:F+n5xhGSAsMfwN9SkxY8bl

Score: 10/10

Malware Config

Extracted

Family

lumma

C2

https://survivalpersisttww.shop/api

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://employhabragaomlsp.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api

Targets

    • Target: FILMORA 13 (BY JOCO).exe

    • Size: 1.1MB

    • MD5: acb5eba73001eca23e1318e6e412d325

    • SHA1: 1fe56d785650016ee6c1ef61789c87bac50455e0

    • SHA256: a876e5b597b87eed8c8065ceed5527ac56bbefb92bc37e1b4fee53a8828f9c80

    • SHA512: 3e83be0ec63a56817baffc1ee41f7c19e3e2305ae48a157e42ee34488b8b6420e36203cd952a670da39aeaf1d476ad507466c3c588e88bc89330cecbb908bdde

    • SSDEEP: 24576:kI0Jn5RrhGTWAiFAIBifnwnN9SKi1cpMbPIY8bl:F+n5xhGSAsMfwN9SkxY8bl

    Score: 10/10

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks