Resubmissions

  • 11-07-2024 13:08: 240711-qdbkhsxenn (score 10)

  • 10-07-2024 17:54: 240710-wgy3watfnh (score 6)

General

  • Target

    https://dereferer.me/?https%3A//jonba.link/ir285vqa

  • Sample

    240711-qdbkhsxenn

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Targets

    • Target

      https://dereferer.me/?https%3A//jonba.link/ir285vqa

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks