General

  • Target

    ezyzip.zip

  • Size

    3.5MB

  • Sample

    240704-wc1qxa1cjj

  • MD5

    b9635b48a4b347bf279b3e6679d592c9

  • SHA1

    c95ddab642f8357bedbade02476c8753ce577dff

  • SHA256

    df4d859ead3eedc85f206be1822330eaf0cf9f65889f244be231e7de0446b7ad

  • SHA512

    30a5b56c577476e986907a520e84de645e49e9b0baa4a3c5de32e53cced5df4fb31e3840320085c7c3dc9ce621d74d45273ca2b92b8458b09a1df079ffc7119f

  • SSDEEP

    98304:h0jh4fmcGDu0g0AJQjcy54mmlL3jsz3jRd:qjkQy0r5jcyxMIz3jRd

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://stationacutwo.shop/api

Targets

    • Target

      ezyzip.zip

    • Size

      3.5MB

    Score
    1/10

    • Target

      github_installer.exe

    • Size

      127.5MB

    • MD5

      b632cf3c5bb16abf2045630f5ef5863d

    • SHA1

      9cc11f5ea081b9f05014725460146c5e15b16195

    • SHA256

      87dd6cb04b85a8238640b1e527ef18b2e1577bc1d75c4c4d91f15e18d186e9fb

    • SHA512

      6bce013a52bda1cf1f5a95c1d0b05443f892069758065c0f6760a005046d1a76b6ba10c452ec991bf08a20c138967626d175e21c9a4da7815fd7956a2a5fad58

    • SSDEEP

      12288:3U7KDE27/KjEWQ3TNX/urrGAQWlcAy/Mc21DkGmFyqDttJtJJ9g/Yq6FkCssSL4k:E7KI2JT1urrOs/

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
