General

  • Target

    KFlauncher_cert.exe.vir

  • Size

    4.0MB

  • Sample

    240528-r85yaaaf34

  • MD5

    624033fa2102aa62e05d7896283ead8d

  • SHA1

    5727af99e8639529fcfbecbbf8bb8e979dcd8b42

  • SHA256

    97fb5152221fa33982414ec314f1aacb2fde41e883ae99fae79b4b0514dab7c1

  • SHA512

    665996db73dec96f210823f94ba0f92dfbb36b3e8fcc9ef116569e9d46c3b8b5bc9827f3f9a3913d0e822a127b454dab0cc1b78ad402c01ca88133c309a2c3d6

  • SSDEEP

    49152:Y51mcL7x1Z8/XYhSyb/xwo/cbnKrdY1kfgPKgrHixVOJFdfk4YPptfSmSjkKvvX/:Y5Rh1Xxwo/czKe10gFzi/Q640f+5PkA

Score
10/10

Malware Config

Extracted

Family

lumma

C2

Targets

    • Target

      KFlauncher_cert.exe.vir

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext