General

  • Target: a
  • Size: 8.7MB
  • Sample: 240711-qf18ysxfnl
  • MD5: a91214898d5e5cdaefcfafe4b113870d
  • SHA1: f3751d4c0c791d64c97cf1501185311729945464
  • SHA256: 2741b779efea41ef55cdc665a68f8d8ee271db54106aee8e30666918bdb3c83b
  • SHA512: 86e2b1df6b5b30114aa427c084a22e5a9988e8a58fe5d008bda50f1235d6f429330962cc52e21c4b04581d50128e5e112c46302a6a14af2b2e597b8d3a20d8d5
  • SSDEEP: 196608:TY6ABD6qqXfFKoKnfiTt/UdkInnAca3OwEfO801IgmiisO5:c6ABSXfLKKTtNQs+wEm/fU5

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Targets

    • Target: 0pen___files/!ŞetUp_58641--#PaSꞨKḙy#$$.rar
    • Size: 8.7MB
    • MD5: 383b8bb2592c171448989b539dea8905
    • SHA1: ff730d4d028d25bf4563cfc6627cbc69eb81dbc9
    • SHA256: 9368cd8dbadf0ac139e2b0b2c71c6cde690c96d901d298c939961b9b71fad747
    • SHA512: ef48d9d36c26158476d70e8cec4e258b282038a1440fac17c5928f7001c3a30f100a186b295afeca25d579f950441d2340b71585c12457de7aff196fc91c3b01
    • SSDEEP: 196608:7Y6ABD6qqXfFKoKnfiTt/UdkInnAca3OwEfO801IgmiisOq:06ABSXfLKKTtNQs+wEm/fUq

    Score
    10/10

    • Lumma Stealer: an infostealer written in C++, first seen in August 2022.
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks