General

  • Target

    3cf328b7ca34f36bc1d09e01ae4eb060_NeikiAnalytics.exe

  • Size

    8.0MB

  • Sample

    240528-k8yewaeh46

  • MD5

    3cf328b7ca34f36bc1d09e01ae4eb060

  • SHA1

    465fc0b51b45188c305daffa8fc66524ef288bf4

  • SHA256

    382f895db4767a271f4c101e8584680442d2353d3d1000c1854f5a8ec7501916

  • SHA512

    17a07a7a455b41f5232b7a876f64f9a0864bd48984c99dfc9119f159bc5749d0e81f3bb6a8ef27cad204cebdec7ada9b3cf6850245f6306d58ef557f795e1998

  • SSDEEP

    196608:GoSNAY/haEmsZlryo9dwVhwjURxLV28qS4SmZ0I7sMoW3n:GpNdIEhlh9dwX/xLV28zm2I4lI

Score
10/10

Malware Config

Extracted

Family

lumma

C2

185.99.133.246

Targets

    • Target

      3cf328b7ca34f36bc1d09e01ae4eb060_NeikiAnalytics.exe

    Score
    10/10

    • Detect Lumma Stealer payload V2

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks