General

  • Target

    Adobe Installer.exe

  • Size

    22.9MB

  • Sample

    240706-fz6yfaygpg

  • MD5

    eefcbf5a048a4035bde572a53d4b3796

  • SHA1

    39fbc3604afe3703dcb87efc4752050044998277

  • SHA256

    22a0e808dc6971d2135da47e2e7ab470b0bcbe0d07e4c91df047d85981847752

  • SHA512

    2c3cffd921d9ef573ebec598bb8a780d74e4be1c9aae1d6a0fd2d013353804807f1ace496785d44851b1f833e97e1058875963ac522b5aa4b7afdc4f90762a59

  • SSDEEP

    196608:sOQ8raUTGNhy9jdon1nWxhhGYULhwG48:sT8rps09bGYULhL4

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://nobledpcowep.shop/api

Targets

    • Target

      Adobe Installer.exe

    • Size

      22.9MB

    • MD5

      eefcbf5a048a4035bde572a53d4b3796

    • SHA1

      39fbc3604afe3703dcb87efc4752050044998277

    • SHA256

      22a0e808dc6971d2135da47e2e7ab470b0bcbe0d07e4c91df047d85981847752

    • SHA512

      2c3cffd921d9ef573ebec598bb8a780d74e4be1c9aae1d6a0fd2d013353804807f1ace496785d44851b1f833e97e1058875963ac522b5aa4b7afdc4f90762a59

    • SSDEEP

      196608:sOQ8raUTGNhy9jdon1nWxhhGYULhwG48:sT8rps09bGYULhL4

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks