General

  • Target

    infected.zip

  • Size

    4.0MB

  • Sample

    240705-yx2j2sxcmb

  • MD5

    101a3061619bdb9e71bb91fa32eefb9b

  • SHA1

    41b3a2605900d72ed4221a4c2c8e79bd3c6aa5d6

  • SHA256

    78921f75ee30f950b9cfa43a79f92edc2589cc0e813f22ebdb4993ab5b4926ac

  • SHA512

    6198e59f69502ca9e9cd65d90270907e932c46db51c125cc0c23d1ba7702e03a4c9f0d42822648e2a5d49d8d676447d9d3ec125b7b4f29790dde4b8f940c1bec

  • SSDEEP

    98304:g6aZ3ofc1iwhDYibIQ4QvIHQvgfcuJQF4sZvjtAoIyuUu5rayqWeoB7/:g6u3ec1iwhDcQ4Qr+AtZuUWraysGr

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://unwielldyzpwo.shop/api
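The file hashes in the General section and the C2 URL extracted from the Lumma configuration are the indicators a defender would actually pull from this report. The script below is an added example (not code from the report or from the sandbox) that turns them into two checks: a hash comparison that requires every listed digest to agree before calling a file "this sample", and a proxy-log scan that matches the C2 host and its subdomains without the substring false positives a naive `in` test would produce. Only the four hex digests and the URL are taken from the page; the function names, the log line format (timestamp, client, method, URL, status) and the log lines themselves are constructed for illustration.

```python
"""IoC checks for the Lumma Stealer sample in this report.

The hash values and C2 URL are copied from the report. Function names, the
log format and the sample log lines are constructed for this example.
"""
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report.
KNOWN_HASHES = {
    "md5": "101a3061619bdb9e71bb91fa32eefb9b",
    "sha1": "41b3a2605900d72ed4221a4c2c8e79bd3c6aa5d6",
    "sha256": "78921f75ee30f950b9cfa43a79f92edc2589cc0e813f22ebdb4993ab5b4926ac",
    "sha512": "6198e59f69502ca9e9cd65d90270907e932c46db51c125cc0c23d1ba7702e03a"
              "4c9f0d42822648e2a5d49d8d676447d9d3ec125b7b4f29790dde4b8f940c1bec",
}
C2_URL = "https://unwielldyzpwo.shop/api"
C2_HOST = urlparse(C2_URL).hostname  # "unwielldyzpwo.shop"

# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = [
    "2024-07-05T10:01:02Z 10.0.0.5 GET https://www.example.com/ 200",
    "2024-07-05T10:01:07Z 10.0.0.5 POST https://unwielldyzpwo.shop/api 200",
    "2024-07-05T10:01:09Z 10.0.0.9 GET https://notunwielldyzpwo.shop/ 200",
    "2024-07-05T10:01:12Z 10.0.0.5 POST https://cdn.unwielldyzpwo.shop/api 404",
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data, keyed like KNOWN_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def matches_known_sample(data: bytes) -> bool:
    """True only when every digest in KNOWN_HASHES matches the file.

    Requiring all four removes any doubt from a lone MD5 or SHA1 hit; a
    mismatch on any one of them means this is not the reported file.
    """
    computed = hash_bytes(data)
    return all(computed[name] == digest.lower() for name, digest in KNOWN_HASHES.items())


def host_matches_c2(host: str) -> bool:
    """Match the C2 host exactly or any subdomain of it.

    A plain substring test would also flag unrelated names such as
    'notunwielldyzpwo.shop'; anchoring on the label boundary avoids that.
    """
    host = host.lower().rstrip(".")
    return host == C2_HOST or host.endswith("." + C2_HOST)


def scan_proxy_log(lines):
    """Return (line_number, url) for each log line whose URL targets the C2 host.

    Lines that do not have the expected five fields are skipped rather than
    raising, so a malformed line cannot abort a scan of a large log.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue
        url = fields[3]
        if host_matches_c2(urlparse(url).hostname or ""):
            hits.append((n, url))
    return hits


if __name__ == "__main__":
    for n, url in scan_proxy_log(SAMPLE_LOG):
        print(f"C2 contact on line {n}: {url}")
    print("hash match for empty file:", matches_known_sample(b""))
```

To check a real file, read it in binary mode and pass the bytes to `matches_known_sample`; for a 4.0 MB archive this is cheap, and a match on all four digests is conclusive. The scanner deliberately matches subdomains of the C2 host as well as the host itself, since infrastructure reuse under the same registered domain is common; if that is too broad for your environment, drop the `endswith` branch.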

Targets

    • Target

      infected.zip

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks