General

  • Target

    Sleipnir_setup.exe

  • Size

    600.1MB

  • Sample

    240710-vga6da1fqe

  • MD5

    64fc9cfcec9ad53e1fb87200bf0b6695

  • SHA1

    859e0d9e63b7ac7b459d5c1f33707fe5f38912ca

  • SHA256

    6ce21227a90c06234469aef5fa7173d5428ce0a69283a1dcd5c72168e4f7eda7

  • SHA512

    070cc86e792a12b6a460d7069dc302d4701040cf9bc6a13478c468fed4390b215a2037f5a64d3c5128c1167f00f1e0bb71051f7eee064b648f5b9c0bfe260c80

  • SSDEEP

    12582912:viM8g/ezDgKKQESUfl2tIisYOh04nnmcMmvYVunZbECWkE1NfiKTE0rPl:qMh/ezDgKKQSfUtIt64nnmcMmAWWkE1X

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://discreetdramatricop.shop/api

Targets

    • Target

      Sleipnir_setup.exe (hashes and size as listed under General above)
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks