General

  • Target

    1d19a11b77dccb759dd86f9d0481bc144ea353118865ac8476be21733af1678b

  • Size

    565KB

  • Sample

    240704-x6z7xaxcph

  • MD5

    efdc51a044c4265b8623d212737a4b84

  • SHA1

    b26024ce65d9585070b7af5b4e7f4e3647e4be7e

  • SHA256

    1d19a11b77dccb759dd86f9d0481bc144ea353118865ac8476be21733af1678b

  • SHA512

    a68a83c1054d2b1dfb43144e58ccaddc1f58468e02e2f40978c1fe9119747f737de65930ed3f500c00e9d8ae5e00e42a7a30f8e366af1e58178729536dd514e5

  • SSDEEP

    12288:sENv3ccWd6SUCVBsQLyfXgOKyDFzKIHB4ladY8kqqwhyvT5NkeTEWYRqWXYLlmlV:sENvMFd6xuLyfXglOpm

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://bitchsafettyudjwu.shop/api

Targets

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks