General

  • Target: ErikGlorious_crypted_EASY.exe
  • Size: 394KB
  • Sample: 240525-rdkc4afe88
  • MD5: f758008b7884936d9b2a89d14c317b18
  • SHA1: 336c1e0d7ad5d58dbb4184710ed399af4494afde
  • SHA256: 341e941ba420f41c4d5887b2f5f19084bd0dc7addf3e3c694f79ebea2fcad370
  • SHA512: 133d8d0443f94efd806555c57607d88a0c419f508333f827dd856e1829f58c70efcd6a7df2421ca0fbff1a582feec820210e4dff757dacd24c91f01ba3b65a1e
  • SSDEEP: 12288:NF0ceA3g4vjEgKVpBfquOciBeGJr804EpkHeBOVOXRE0NxLFRHMA5X7UUghFx7X0:NJwojIVpxAci

Score: 10/10

Malware Config

Extracted

  • Family: lumma
  • C2:
    https://museumtespaceorsp.shop/api
    https://buttockdecarderwiso.shop/api
    https://averageaattractiionsl.shop/api
    https://femininiespywageg.shop/api
    https://employhabragaomlsp.shop/api
    https://stalfbaclcalorieeis.shop/api
    https://civilianurinedtsraov.shop/api
    https://roomabolishsnifftwk.shop/api

Targets

  • Target: ErikGlorious_crypted_EASY.exe (size and hashes as listed under General)

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks