General

  • Target

    146c124f7f8b73ca14819cc71cb8c4d6115910d0c9a244505305da43a984db03

  • Size

    1KB

  • Sample

    240528-nqfc5ahc21

  • MD5

    9502dc9350c13e66e15a4cfb2c1f3aca

  • SHA1

    dc2242f7db20926823f21a998f04e18754385818

  • SHA256

    146c124f7f8b73ca14819cc71cb8c4d6115910d0c9a244505305da43a984db03

  • SHA512

    cf33bef35a2ace1ff96c3155677e90089f5cbd3564c046e843f1deda72fded3764144f30c7d09d18b3429451b5aa25fd875f28ae32df8a35978ba4e1e0a66922

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://matodown.b-cdn.net/matodown

Extracted

Family

lumma

C2

https://declineforntyuekw.shop/api

https://museumtespaceorsp.shop/api

https://buttockdecarderwiso.shop/api

https://averageaattractiionsl.shop/api

https://femininiespywageg.shop/api

https://employhabragaomlsp.shop/api

https://stalfbaclcalorieeis.shop/api

https://civilianurinedtsraov.shop/api

https://roomabolishsnifftwk.shop/api
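
The dropper URL and the nine Lumma C2 domains above are the actionable part of this report. The script below is an added example for this page, not part of the sandbox output: it turns those URLs into host IOCs, tags each as the HTA dropper stage or the Lumma C2 stage, and runs them over DNS-query and web-proxy log lines. The log lines, the host names `host-7`/`host-9`/`host-2`, and the log formats are constructed for the demonstration. One design point worth noting: the C2 domains are attacker-registered `.shop` zones, so any subdomain under them is a hit, whereas `matodown.b-cdn.net` is one customer subdomain on a shared CDN zone, so only the exact host is matched to avoid flagging every other tenant of that CDN.

```python
"""Hunt DNS and proxy logs for the IOCs extracted in this report.

Added example for this report; not part of the sandbox output.  The log
lines and endpoint names below are constructed, not captured traffic.
"""
import re
from urllib.parse import urlparse

# IOCs copied verbatim from the Malware Config section of this report.
HTA_DROPPER_URL = "https://matodown.b-cdn.net/matodown"
LUMMA_C2_URLS = [
    "https://declineforntyuekw.shop/api",
    "https://museumtespaceorsp.shop/api",
    "https://buttockdecarderwiso.shop/api",
    "https://averageaattractiionsl.shop/api",
    "https://femininiespywageg.shop/api",
    "https://employhabragaomlsp.shop/api",
    "https://stalfbaclcalorieeis.shop/api",
    "https://civilianurinedtsraov.shop/api",
    "https://roomabolishsnifftwk.shop/api",
]

# host -> stage label.  Stage names follow the report's own labels.
IOCS = {urlparse(HTA_DROPPER_URL).hostname.lower(): "hta.dropper"}
IOCS.update({urlparse(u).hostname.lower(): "lumma.c2" for u in LUMMA_C2_URLS})


def classify_host(host):
    """Return the IOC stage for a host name, or None if it is not an IOC.

    C2 domains are attacker-registered zones, so any label under them
    (e.g. cdn.museumtespaceorsp.shop) counts.  The dropper host is a
    customer subdomain of a shared CDN zone (b-cdn.net), so it is matched
    exactly: matching the parent zone would flag every other CDN tenant.
    """
    host = host.lower().rstrip(".")
    for ioc, stage in IOCS.items():
        if host == ioc:
            return stage
        if stage == "lumma.c2" and host.endswith("." + ioc):
            return stage
    return None


# Constructed sample logs (assumed formats): "date time endpoint QUERY qname type"
# for DNS, and "epoch endpoint method url status" for the web proxy.
DNS_LOG = """\
2024-05-28 14:01:03 host-7 QUERY matodown.b-cdn.net A
2024-05-28 14:01:09 host-7 QUERY declineforntyuekw.shop A
2024-05-28 14:01:10 host-7 QUERY www.google.com A
2024-05-28 14:02:44 host-9 QUERY cdn.museumtespaceorsp.shop AAAA
2024-05-28 14:03:00 host-2 QUERY assets.b-cdn.net A
"""

PROXY_LOG = """\
1716904869.112 host-7 POST https://declineforntyuekw.shop/api 200
1716904870.551 host-7 GET https://update.microsoft.com/ 200
1716904999.003 host-9 POST https://roomabolishsnifftwk.shop/api 404
"""

DNS_RE = re.compile(r"^(\S+ \S+) (\S+) QUERY (\S+) (\S+)$")
PROXY_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_dns(log):
    """Return DNS queries whose name matches an IOC, tagged with the stage."""
    hits = []
    for line in log.splitlines():
        m = DNS_RE.match(line)
        if not m:
            continue
        stage = classify_host(m.group(3))
        if stage:
            hits.append({"ts": m.group(1), "host": m.group(2),
                         "qname": m.group(3), "stage": stage})
    return hits


def scan_proxy(log):
    """Return proxy requests whose URL host matches an IOC, tagged with the stage."""
    hits = []
    for line in log.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        stage = classify_host(urlparse(m.group(4)).hostname or "")
        if stage:
            hits.append({"ts": m.group(1), "host": m.group(2),
                         "url": m.group(4), "status": int(m.group(5)),
                         "stage": stage})
    return hits


def infected_hosts(dns_hits, proxy_hits):
    """Sorted list of endpoints that touched any IOC in either log."""
    return sorted({h["host"] for h in dns_hits} | {h["host"] for h in proxy_hits})


if __name__ == "__main__":
    dns_hits, proxy_hits = scan_dns(DNS_LOG), scan_proxy(PROXY_LOG)
    for h in dns_hits + proxy_hits:
        print(h)
    print("endpoints to triage:", infected_hosts(dns_hits, proxy_hits))
```

A non-2xx response on the C2 `/api` path (as in the constructed `host-9` line) is still a hit: the request proves the stealer ran and tried to check in, whether or not the panel answered.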

Targets

    • Target

      146c124f7f8b73ca14819cc71cb8c4d6115910d0c9a244505305da43a984db03

    • Size

      1KB

    • MD5

      9502dc9350c13e66e15a4cfb2c1f3aca

    • SHA1

      dc2242f7db20926823f21a998f04e18754385818

    • SHA256

      146c124f7f8b73ca14819cc71cb8c4d6115910d0c9a244505305da43a984db03

    • SHA512

      cf33bef35a2ace1ff96c3155677e90089f5cbd3564c046e843f1deda72fded3764144f30c7d09d18b3429451b5aa25fd875f28ae32df8a35978ba4e1e0a66922

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks