General

  • Target

    109a657adb755ec3cd536f673f0c72061ad6fc2bd501170f4d6ff29881cfac96

  • Size

    2.5MB

  • Sample

    240705-cwg85azglj

  • MD5

    cfcb05f31416511b29957cec2b01215e

  • SHA1

    79e2a88d71a942f31ba78cefa77b365432d56efd

  • SHA256

    109a657adb755ec3cd536f673f0c72061ad6fc2bd501170f4d6ff29881cfac96

  • SHA512

    aec1f7b63f0d7712c560ffe5298ca35007f32f8f49574a95d3599650958b22671c381dab2b407144773d516de1277d2a17dc3570bcd9e5f54c71500129b48196

  • SSDEEP

    49152:spMGjYmCw9mMGWBptishRyHHEAZAspSagfpIecOklfBXvv2aa82NL:vGjYmCwGMpDRIxjpSxpZ7e10NL

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://stationacutwo.shop/api

Targets

    • Target

      6c3496832cdffffedde13f9c75138ee62dd968eaa26bc23e1cbc082e638c3513.exe

    • Size

      4.9MB

    • MD5

      2502f2fb88c1ea569c0b4287ae0613f3

    • SHA1

      aae526d8ce17f59366b57d5d00ab5d14140cd6b5

    • SHA256

      6c3496832cdffffedde13f9c75138ee62dd968eaa26bc23e1cbc082e638c3513

    • SHA512

      7c0e3a6f8322aafa90533bcd2ff5ab2b167ef7c1c8412710c4b3a3b4643cdb0412cf93c561ce1c01a1057643bda336fd3fa64e3a7373d41cc25319d5190ca2d2

    • SSDEEP

      49152:HwWM2zE1fkrLilu5l55F+QjEcEAGjz5Ep+8YTpuQynVoj28OBpclaYC4Ihign93:QWlzE1fyLi61kE7piK93

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks