General

  • Target

    Setup_Files.rar

  • Size

    26.9MB

  • Sample

    240705-qkk3ja1fqh

  • MD5

    798bf533016391437e08f08c09a6c80c

  • SHA1

    4703162579085456d83458d3b737c740413dc7f9

  • SHA256

    5abe9787dc4f9b261b50cc212a9ca6bb5d6be8f065ef7bcf77bac6cbb198b3ce

  • SHA512

    ffbe03dc2df8d56b57373d15c9a4f015e26734622c2c318905c09b3ead70791a1746f4c602fc8dd792c51f4a9560e047a90f061778f1bdf93f7cba274d4e814f

  • SSDEEP

    786432:ZxO+At6AwOmpmAxbSbmpoOig/uixWnNqum671M6:ZBAAAG4KSbm8g/uixWn8umY1/

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://absentjuks.shop/api

Targets

    • Target

      Setup_Files/Setup.exe

    • Size

      662.5MB

    • MD5

      59839dad3c13480e4f29ad32afdc8fb1

    • SHA1

      2d66cf175875f98784f9be66d832dee8cbad5a69

    • SHA256

      002f5b2aa14a46544ac266bc78a348d71480c474fd00bc01708ce1dcba1291ee

    • SHA512

      3ae89c0f7c0fba2f0b6f6db95abc12ba4f628a3615ae1fb4a8a402dfa7bc875890eb8c708bb68303eb9dde835572cef2ca45cdd93ff20d279525ba9b8514477e

    • SSDEEP

      196608:Dpcugy7TlXNdj+P64+S+rt7hOD6ZJHXg4nhVUGbP4X3bOq2JRuwt:Dpcu7k6FkAZL

    Score
    10/10

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks