General

  • Target

    KFlauncher.exe.vir

  • Size

    4.0MB

  • Sample

    240528-r57byaae43

  • MD5

    83cdd014ae34d337a330d88d5c25b886

  • SHA1

    0d2b73683c9d4173a1e2345ef8c0952fd499ade5

  • SHA256

    6220493ab760b34caf38fe34c9dd7a257a5649c9d0e4bd3df0576573cb042a6f

  • SHA512

    d0cbc14e71c62ac1afd65002b7f62d323f9d98f0e6b2dd8b3c0b8cec23679003876f03e63418a37a97e45c02e7f0c367e9fbfb6e512106b412dc7dfc08f529a1

  • SSDEEP

    49152:h51mcL7x1Z8/XYhSyb/xwo/cbnKrdY1kfgPKgrHixVOJFdfk4YPptfSmSjkKvvXk:h5Rh1Xxwo/czKe10gFzi/Q640f+5Pk

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://corruptioncrackywosp.shop/api

https://horsedwollfedrwos.shop/api

https://patternapplauderw.shop/api

https://understanndtytonyguw.shop/api

https://considerrycurrentyws.shop/api

https://messtimetabledkolvk.shop/api

https://detailbaconroollyws.shop/api

https://deprivedrinkyfaiir.shop/api

https://relaxtionflouwerwi.shop/api
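
The nine C2 URLs above all share one shape: a throwaway .shop domain with a single /api endpoint. The block below is an added example, not part of the sandbox report or of any Lumma tooling, that turns that list into network detections a practitioner can deploy: it normalises the URLs to hostnames, emits Suricata DNS-query and TLS-SNI rules, and runs a suffix-aware match over DNS client log lines. The C2 URLs are copied from the report; the sid range (9000001 upward) and the DNS log lines are assumptions constructed for the example.

```python
"""Turn the Lumma C2 list extracted from this sample into network IOCs.

Added example; not part of the sandbox report or of the Lumma analysis.
The C2 URLs are those listed in the report. The Suricata sid range and
the DNS log lines below are constructed for illustration only.
"""
from urllib.parse import urlparse

# C2 endpoints exactly as listed in the report's extracted config.
LUMMA_C2_URLS = [
    "https://corruptioncrackywosp.shop/api",
    "https://horsedwollfedrwos.shop/api",
    "https://patternapplauderw.shop/api",
    "https://understanndtytonyguw.shop/api",
    "https://considerrycurrentyws.shop/api",
    "https://messtimetabledkolvk.shop/api",
    "https://detailbaconroollyws.shop/api",
    "https://deprivedrinkyfaiir.shop/api",
    "https://relaxtionflouwerwi.shop/api",
]

SID_BASE = 9000001  # assumed local sid range; adjust to your ruleset


def c2_domains(urls):
    """Normalise C2 URLs to sorted, lowercase hostnames (scheme/path/port dropped)."""
    hosts = set()
    for u in urls:
        host = urlparse(u).hostname
        if not host:
            raise ValueError(f"no host in C2 URL: {u!r}")
        hosts.add(host.lower())
    return sorted(hosts)


def c2_paths(urls):
    """Distinct URL paths; for this config every host uses the same /api endpoint."""
    return sorted({urlparse(u).path for u in urls})


def suricata_rules(urls, sid_base=SID_BASE):
    """Emit one DNS-query rule and one TLS-SNI rule per C2 domain.

    dns.query / tls.sni are Suricata sticky buffers; 'endswith' anchors the
    match at the end of the buffer so subdomains of the C2 host still hit.
    """
    rules = []
    sid = sid_base
    for host in c2_domains(urls):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"Lumma C2 DNS lookup {host}"; '
            f'dns.query; content:"{host}"; nocase; endswith; sid:{sid}; rev:1;)'
        )
        sid += 1
        rules.append(
            f'alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Lumma C2 TLS SNI {host}"; '
            f'tls.sni; content:"{host}"; nocase; endswith; sid:{sid}; rev:1;)'
        )
        sid += 1
    return rules


def match_dns_log(lines, urls):
    """Return (line_no, queried_name, matched_c2_domain) for every hit.

    A query matches the C2 domain itself or any subdomain of it, checked on a
    label boundary, so 'cdn.patternapplauderw.shop' hits while
    'notpatternapplauderw.shop' does not.
    """
    domains = c2_domains(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        q = fields.get("query", "").lower().rstrip(".")
        for d in domains:
            if q == d or q.endswith("." + d):
                hits.append((n, q, d))
                break
    return hits


# Constructed DNS client log lines (key=value form); not taken from the report.
SAMPLE_DNS_LOG = [
    "2024-05-28T10:01:02Z ws01 dns query=update.microsoft.com type=A",
    "2024-05-28T10:01:05Z ws01 dns query=corruptioncrackywosp.shop type=A",
    "2024-05-28T10:01:06Z ws01 dns query=cdn.patternapplauderw.shop type=A",
    "2024-05-28T10:01:07Z ws01 dns query=notpatternapplauderw.shop type=A",
]

if __name__ == "__main__":
    for rule in suricata_rules(LUMMA_C2_URLS):
        print(rule)
    for hit in match_dns_log(SAMPLE_DNS_LOG, LUMMA_C2_URLS):
        print("HIT line %d: %s -> %s" % hit)
```

Because the C2 rotates across many registered-for-purpose .shop domains, rules keyed on the exact hostnames go stale quickly; the DNS and SNI rules are useful for the retrohunt over the days around this sample, while the `/api` path is too generic to alert on by itself.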

Targets

    • Target

      KFlauncher.exe.vir

    • Size

      4.0MB

    • Hashes

      Identical to the MD5, SHA1, SHA256, SHA512 and SSDEEP values listed under General above (same submitted file).

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022. The family attribution here rests on the extracted config above: nine .shop C2 domains, each with the same /api endpoint.

    • Loads dropped DLL

      The sample wrote a DLL to disk during the run and then loaded it. The report as shown does not list the DLL's path or hash.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's saved register state, including the instruction pointer. Outside of debuggers it is a common step in process hollowing and thread hijacking, where execution is redirected into injected code. This is a heuristic indicator; the target process is not shown in this report.

MITRE ATT&CK Matrix

Tasks