General

  • Target

    ca66a07c7d3fc179579bc8ffe620503fe7f86abdd1abb0c17fbe5bfef42d7b9f

  • Size

    5.2MB

  • Sample

    240706-gllwsazfkc

  • MD5

    f2a5c7e8313862aca9b7a6314ca73f3a

  • SHA1

    dd9f9c6d3dfc2805e8851676679cd9734a877eea

  • SHA256

    ca66a07c7d3fc179579bc8ffe620503fe7f86abdd1abb0c17fbe5bfef42d7b9f

  • SHA512

    a459adc6ce2cc9d19672894de1df41228da0b072bbbd67493b7a1d3b57cd491c0c62b7e842e1d7306719e889fe777b915b3de274f4dad52ba5ba601783e79a13

  • SSDEEP

    49152:Z6dH/1E4lojlIfw68P9//EctarfVW7c9PqoEv0V8jM5ERIcRjtS7HU4sOThLJG+6:E9tzQIUhZh7cJxEIZJX6

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://affecthorsedpo.shop/api

Targets

    • Target

      ca66a07c7d3fc179579bc8ffe620503fe7f86abdd1abb0c17fbe5bfef42d7b9f

    • Size

      5.2MB

    • MD5

      f2a5c7e8313862aca9b7a6314ca73f3a

    • SHA1

      dd9f9c6d3dfc2805e8851676679cd9734a877eea

    • SHA256

      ca66a07c7d3fc179579bc8ffe620503fe7f86abdd1abb0c17fbe5bfef42d7b9f

    • SHA512

      a459adc6ce2cc9d19672894de1df41228da0b072bbbd67493b7a1d3b57cd491c0c62b7e842e1d7306719e889fe777b915b3de274f4dad52ba5ba601783e79a13

    • SSDEEP

      49152:Z6dH/1E4lojlIfw68P9//EctarfVW7c9PqoEv0V8jM5ERIcRjtS7HU4sOThLJG+6:E9tzQIUhZh7cJxEIZJX6

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks