Resubmissions

06-07-2024 16:56

240706-vf11eawblk 10

06-07-2024 09:15

240706-k8antawdre 10

General

  • Target

    https://github.com/TheresiaAurelly/Solara-executor?tab=readme-ov-file

  • Sample

    240706-k8antawdre

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    194.28.224.2
  • Port:
    21
  • Username:
    anonymous
  • Password:
    anonymous@

Extracted

Family

lumma

C2

https://bannngwko.shop/api

Targets

    • Target

      https://github.com/TheresiaAurelly/Solara-executor?tab=readme-ov-file

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks