General

  • Target

    ce9b5ec3693188ed91e363e55286cd212f44912b042bd83a924af2f43daaa55f.exe

  • Size

    6.5MB

  • Sample

    240706-caq9xaveje

  • MD5

    b82c80a3ce9b5c44391d3f11307f8b8e

  • SHA1

    7480059bc051383eaaf0d83b7f39d7c4989e4dea

  • SHA256

    ce9b5ec3693188ed91e363e55286cd212f44912b042bd83a924af2f43daaa55f

  • SHA512

    c04bb5a116dfbe2599ce91e084888d5c051e831812ed75e7d0fd40373f0f0ade7701246a433cf5552b5b8b370155b95547f8165d7d38c76325124c7afbf431e2

  • SSDEEP

    49152:8im7Z/AvmNVNL6B6QeuuLlKHqhk/6eYivn7Bp+CiOo0NGpkAF3j+5E3BN7ObFb+I:/fe3F8+eYYn1liONE3B2AK8i

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://citizencenturygoodwk.shop/api
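The hashes in the General section and the C2 above are the actionable indicators on this page. The following is an added example, not part of the sandbox report, that turns them into a small offline IOC check: it hashes files in chunks (so a 6.5 MB sample is never read into memory whole), compares the digests against the report's values, and scans text log lines for the C2 host as a whole DNS label so look-alike names do not match. The log lines and any file contents it uses are constructed for the demo, not taken from the report.

```python
#!/usr/bin/env python3
"""IOC check built from the Lumma report above.

Added example, not part of the sandbox report: hashes files against the
reported digests and scans text logs for the reported C2 host.
"""
import hashlib
import re
import sys

# Indicators copied from the report. Compared case-insensitively.
SAMPLE_HASHES = {
    "md5": "b82c80a3ce9b5c44391d3f11307f8b8e",
    "sha1": "7480059bc051383eaaf0d83b7f39d7c4989e4dea",
    "sha256": "ce9b5ec3693188ed91e363e55286cd212f44912b042bd83a924af2f43daaa55f",
    "sha512": (
        "c04bb5a116dfbe2599ce91e084888d5c051e831812ed75e7d0fd40373f0f0ade"
        "7701246a433cf5552b5b8b370155b95547f8165d7d38c76325124c7afbf431e2"
    ),
}
C2_HOST = "citizencenturygoodwk.shop"  # host part of https://citizencenturygoodwk.shop/api

# Whole-label match: "x.citizencenturygoodwk.shop" and "citizencenturygoodwk.shop/api"
# count, "notcitizencenturygoodwk.shop" does not.
_C2_HOST_RE = re.compile(
    r"(?<![A-Za-z0-9-])" + re.escape(C2_HOST) + r"(?![A-Za-z0-9-])", re.IGNORECASE
)


def hash_stream(chunks):
    """Digest an iterable of byte chunks with every algorithm in SAMPLE_HASHES."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory blob (used for the demo and tests)."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file read in 1 MiB chunks, so a multi-megabyte sample
    is never loaded whole."""
    with open(path, "rb") as fh:
        return hash_stream(iter(lambda: fh.read(chunk_size), b""))


def match_hashes(digests, iocs=SAMPLE_HASHES):
    """Algorithms whose digest equals the report's value for that algorithm."""
    return {
        name for name, value in digests.items()
        if name in iocs and value.lower() == iocs[name].lower()
    }


def find_c2_hits(log_lines):
    """(line_number, line) for every log line that names the C2 host.
    Works on any text log: DNS query logs, proxy access logs, EDR network events."""
    return [(n, line) for n, line in enumerate(log_lines, 1) if _C2_HOST_RE.search(line)]


# Constructed log lines for the demo; not taken from the report.
DEMO_LOG = [
    "2024-07-06T13:41:02Z dns client=10.0.4.21 query=citizencenturygoodwk.shop type=A",
    "2024-07-06T13:41:03Z proxy client=10.0.4.21 POST https://citizencenturygoodwk.shop/api status=200",
    "2024-07-06T13:41:05Z dns client=10.0.4.22 query=update.microsoft.com type=A",
    "2024-07-06T13:41:09Z proxy client=10.0.4.23 GET https://notcitizencenturygoodwk.shop/ status=404",
]


def main(argv):
    # Usage: python ioc_check.py [file ...]; files are hashed, the demo log is always scanned.
    for path in argv:
        hits = match_hashes(hash_file(path))
        print(f"{path}: {'MATCH ' + ','.join(sorted(hits)) if hits else 'no hash match'}")
    for n, line in find_c2_hits(DEMO_LOG):
        print(f"C2 hit on demo log line {n}: {line}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Hash matching only catches this exact build; a repacked Lumma loader will have different digests, which is why the SSDEEP value on the page and the C2 host are the more durable of the listed indicators. The host regex deliberately anchors on label boundaries so a domain that merely contains the C2 name as a substring is not reported.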

Targets

    • Target

      ce9b5ec3693188ed91e363e55286cd212f44912b042bd83a924af2f43daaa55f.exe

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (used to redirect an existing thread's execution, a typical step in process hollowing and thread-hijack injection)
