General

  • Target

    !!SetUp_!PaS$Kḙy$!_13847.zip

  • Size

    9.3MB

  • Sample

    240710-me9xxsscmn

  • MD5

    997f156c2036d4728f2092c5f4675b24

  • SHA1

    a1975161cca9e66804500926ac3ef5a886c6c6f7

  • SHA256

    004bf005dea017ddca94ad80069bef4d63b66ffce5ed9589c2d79e86e6ba8c60

  • SHA512

    d89863f62e30716ec2aaa8e145f63b0859d170b0e09ef5460758f3933c535ca40d7b4ecf9c6435f973d5b777c579533808e51adcd9ed3aa747f8b03b8ecf00aa

  • SSDEEP

    196608:7wwTtF/EyPpuJPQcKfj55hXLFqKp2BPrVQHMkkausPg:7JLLoY1hXLFTpAVokxs4

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Targets

    • Target

      !!SetUp_!PaS$Kḙy$!_13847/Setup.exe

    • Size

      282KB

    • MD5

      37668418edb0f30c6f38d08c5ef319b7

    • SHA1

      72d173273dfc9a5cf0661ece8e6d90c602679ba2

    • SHA256

      4a7930a7130fe7c3c9822d90517e873e3e477c9a6978d096f740dc5b03770365

    • SHA512

      9c5c0c3a095824c51c349487c2366e4dcd1f3602082627296ac06569b72e28ef1d976f8b3ef8df30a81d4483c3220cbb6ee429f7ad4633d8692b9bf3f4104fd9

    • SSDEEP

      6144:eVrX3+AlBg06nMIDzNU5/CSYeK+gqWpMed:m7+k/pkQC/eKXqWqed

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks