General

  • Target

    SpaceCheats_v3.5.zip

  • Size

    558KB

  • Sample

    240526-qct1gafb8x

  • MD5

    a436acac5e72f236806abc8d68c6b5ba

  • SHA1

    cf38215a1231e90a1428990d08cdd5bfcb4f2d65

  • SHA256

    8729b4e38b06fb2efd850529b9f4e2697a82ad25e4a809d31845c5a78d17f4ee

  • SHA512

    a339d6624a2459a969eb0061bee6b6b2cc92ae69010f6dba76184255243c1379e523ed496a8f39a63959236c5aa91e3742c31a18160c217d3a6ea266d7d63ab0

  • SSDEEP

    12288:YrLnqht1+tRu0fyclpgka9/amnZMF4EKaPJBEtrMgVBxu:YrLqht1+jXyclpda9/at9HPErpv4

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://employhabragaomlsp.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api

Targets

    • Target

      SpaceCheats_v3.5.zip

    • Size

      558KB

    • MD5

      a436acac5e72f236806abc8d68c6b5ba

    • SHA1

      cf38215a1231e90a1428990d08cdd5bfcb4f2d65

    • SHA256

      8729b4e38b06fb2efd850529b9f4e2697a82ad25e4a809d31845c5a78d17f4ee

    • SHA512

      a339d6624a2459a969eb0061bee6b6b2cc92ae69010f6dba76184255243c1379e523ed496a8f39a63959236c5aa91e3742c31a18160c217d3a6ea266d7d63ab0

    • SSDEEP

      12288:YrLnqht1+tRu0fyclpgka9/amnZMF4EKaPJBEtrMgVBxu:YrLqht1+jXyclpda9/at9HPErpv4

    Score
    1/10

    • Target

      SpaceCheats_v3.5/installer.exe

    • Size

      907KB

    • MD5

      6b3ee7e991ba70fc5766aff36c5d2a34

    • SHA1

      8388ea924f59abe9814673acc9f777abe2ac9cf4

    • SHA256

      d7a40406412086b8e1657644c7f9f326227a790a2c9ddb6b57dfe450c92d051a

    • SHA512

      8e0f3ef14f6fdfb907d81fc0376936ba819032463532cce899c794ab56430473ad629587d823ee9a75784d37a3d7b63a43967e72a1b8573ef847149a56faa207

    • SSDEEP

      24576:3tASL4DJntBcspjPeQiPvdRzWTn6WHmTyC5oq3zLUkPNsFiy94Zv:z4DJntBcs1eQiPvdRzyYy2z5FsIA41

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks