General

  • Target

    ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_ㅤ_.zip

  • Size

    9.6MB

  • Sample

    240526-mrzbysfd6t

  • MD5

    118b664cffc151b50257f9b058892e75

  • SHA1

    40bb786344e6eadbd76721e9b84011d16055e825

  • SHA256

    49643b1f483f32112775c305890180d4d11e12ff0a5a3202bfc1b83bc4b4c65f

  • SHA512

    0e3e4b1a9258ae1540bcd84998cd9bf23b2c0f8c54bd3dffd44480f5c65d6a2f34c942f6ae46ce966e96a2dd463e3223cb4e67df5bf69eb77de2c06dd931b606

  • SSDEEP

    196608:fi96MPeuYv5wYPH42b48sm/C+1b9EOH9LJQO+++O+yABO/AxT:2dRWH4I4XAFb9Lh+++O+xeAJ

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Targets

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks