General

  • Target

    SapphireX.exe

  • Size

    11.1MB

  • Sample

    240704-mvq5raybjb

  • MD5

    d1f7ddbcab22ab97b4df943dc7c032b7

  • SHA1

    82a33e74aa3984e0d866c1d88e7da041f92ba66e

  • SHA256

    019bf3b4c408dce8f27167201f4bf5ff6366dc5bb4076b60c16dbaaad7c74c39

  • SHA512

    96f73307cfd62fa662a94d07231358250f54470691673eb6594a0ef8575f4e8678b1a7de4375bdf86a1eb5495f37c5480762d2593cf37542a7d24c15272a2b20

  • SSDEEP

    98304:XmzcGgxlFrzqvS1jysyWT3EK5lqUkFYlqgmZP:XnnrzqvSZHT0M8h

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://citizencenturygoodwk.shop/api

Targets

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks