General
-
Target
file.exe
-
Size
6.1MB
-
Sample
240531-qz8gdaba86
-
MD5
50040aa4fcdf183865b768db08f93fc8
-
SHA1
442c47025a646e3bfecfc30f1fd229c7d083881c
-
SHA256
7b7ee47232cb322c12e53f733bdef460eb8ea8b4e96faf1c2b48220e263b1e1d
-
SHA512
97f3b59e2fc0ce87a4c3dc4fbce49d8d1fca17337f198d5fb6886088d380bb7c2ac82d478e872a56b3ce17487725a5f8586f3868c9f6cde2b80e88a3a415c0f0
-
SSDEEP
98304:YyXYRyTdoWB2A3eOAJG6+ccZlWUKylsC7nRf/z7s08sQzffscv/cbTbGJZfpJLqy:K8TeWJ3ek1iUKylp7nRT8FfscXQGJBHr
Malware Config
Extracted
lumma
https://greetclassifytalk.shop/api
https://horsedwollfedrwos.shop/api
https://patternapplauderw.shop/api
https://understanndtytonyguw.shop/api
https://considerrycurrentyws.shop/api
https://messtimetabledkolvk.shop/api
https://detailbaconroollyws.shop/api
https://deprivedrinkyfaiir.shop/api
https://relaxtionflouwerwi.shop/api
Targets
-
-
Target
file.exe
-
Size
6.1MB
-
MD5
50040aa4fcdf183865b768db08f93fc8
-
SHA1
442c47025a646e3bfecfc30f1fd229c7d083881c
-
SHA256
7b7ee47232cb322c12e53f733bdef460eb8ea8b4e96faf1c2b48220e263b1e1d
-
SHA512
97f3b59e2fc0ce87a4c3dc4fbce49d8d1fca17337f198d5fb6886088d380bb7c2ac82d478e872a56b3ce17487725a5f8586f3868c9f6cde2b80e88a3a415c0f0
-
SSDEEP
98304:YyXYRyTdoWB2A3eOAJG6+ccZlWUKylsC7nRf/z7s08sQzffscv/cbTbGJZfpJLqy:K8TeWJ3ek1iUKylp7nRT8FfscXQGJBHr
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-