General

  • Target

    a204091d91d983a178eed21ccbef7f58e75667c99950ae597a3854754d2e4969

  • Size

    1022KB

  • Sample

    240711-14pvyayeld

  • MD5

    4feaa73d5ae0b0ad580f6bbe51dfb43c

  • SHA1

    96dacd29fe2fad08335d7c02cde13707f9791c77

  • SHA256

    a204091d91d983a178eed21ccbef7f58e75667c99950ae597a3854754d2e4969

  • SHA512

    f70f6c844c37332a1bf10f68fd2e8b0ef10fe771fb464b129311ba3652ed09f9a1e2221b0fb29e7f211b9d590b24fb3153e685f42d73dc9552d3ab8a11612d74

  • SSDEEP

    24576:5ZS6ZStyxd2v1fkSL/oW2i70NfCVoqjqWB4NrK2Qdb3m:nZStyxdaJzrJ7kCyqGA4RVQ4

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://bouncedgowp.shop/api

https://bannngwko.shop/api

https://bargainnykwo.shop/api

https://affecthorsedpo.shop/api

https://radiationnopp.shop/api

https://answerrsdo.shop/api

https://publicitttyps.shop/api

https://benchillppwo.shop/api

https://reinforcedirectorywd.shop/api
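
The C2 list above is the most directly actionable part of the extracted config. As an added example (not part of the sandbox report, and not Lumma's or the sandbox's own code), the following Python hunts those C2 hosts in proxy logs. The log lines are constructed for the demonstration; the lower-confidence `.shop` + `/api` heuristic is an assumption drawn from the shape of this particular config, not a documented Lumma property.

```python
"""Hunt for the Lumma C2 infrastructure extracted above in proxy logs.

This is an added example and is not part of the sandbox report. The C2
URLs are copied from the report's extracted config; the proxy log lines
are constructed for the demonstration.
"""
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted config above.
LUMMA_C2 = [
    "https://bouncedgowp.shop/api",
    "https://bannngwko.shop/api",
    "https://bargainnykwo.shop/api",
    "https://affecthorsedpo.shop/api",
    "https://radiationnopp.shop/api",
    "https://answerrsdo.shop/api",
    "https://publicitttyps.shop/api",
    "https://benchillppwo.shop/api",
    "https://reinforcedirectorywd.shop/api",
]

# Constructed proxy log (not from the report): "<epoch> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
1720661001 10.0.0.15 POST https://bouncedgowp.shop/api 200
1720661002 10.0.0.15 GET https://www.example.com/index.html 200
1720661004 10.0.0.23 POST https://bannngwko.shop/api 403
1720661007 10.0.0.15 POST https://cdn.shop/api 200
1720661009 10.0.0.42 GET https://reinforcedirectorywd.shop/favicon.ico 404
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def c2_hosts(urls):
    """Lowercase hostnames of the C2 URLs; hunting keys on the host, not the full URL."""
    return {urlsplit(u).hostname.lower() for u in urls}


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry, known_hosts):
    """Return (verdict, reason) for a parsed entry, or None if it is not interesting.

    'c2'      - destination host is one of the extracted C2 hosts (any path, any
                status: a blocked POST still means the client ran the stealer).
    'suspect' - heuristic only, an assumption drawn from the shape of this config
                (every C2 is a .shop domain with an /api path), not a documented
                Lumma property; treat it as a lead, not a verdict.
    """
    parts = urlsplit(entry["url"])
    host = (parts.hostname or "").lower()
    if host in known_hosts:
        return "c2", f"host {host} is an extracted Lumma C2"
    if entry["method"] == "POST" and host.endswith(".shop") and parts.path == "/api":
        return "suspect", f"POST to {host}/api matches the C2 pattern of this config"
    return None


def scan_log(text, urls=LUMMA_C2):
    """Run classify() over every line; return the list of hits in log order."""
    hosts = c2_hosts(urls)
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        result = classify(entry, hosts)
        if result is not None:
            verdict, reason = result
            hits.append({"client": entry["client"], "url": entry["url"],
                         "verdict": verdict, "reason": reason})
    return hits


def infected_clients(hits):
    """Clients with a confirmed C2 contact (exact host match only)."""
    return {h["client"] for h in hits if h["verdict"] == "c2"}


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_PROXY_LOG):
        print(f'{hit["verdict"]:8} {hit["client"]:12} {hit["url"]}  ({hit["reason"]})')
    print("isolate:", sorted(infected_clients(scan_log(SAMPLE_PROXY_LOG))))
```

Matching is done on the hostname rather than the full URL on purpose: the 403 to bannngwko.shop and the favicon request to reinforcedirectorywd.shop are still contacts with the extracted infrastructure, so the clients that made them belong on the isolation list regardless of status code or path.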

Targets

    • Target

      a204091d91d983a178eed21ccbef7f58e75667c99950ae597a3854754d2e4969

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created via NtCreateUserProcess with a parent other than the calling process, which is consistent with parent-PID spoofing.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
