General

  • Target: Aquantia (Updated).zip
  • Size: 59.7MB
  • Sample: 240711-rqeclssemd
  • MD5: 6f3ccb2e9789c609073a06212c196b06
  • SHA1: f9d99069d143afeecb07de1037dcc844538188cf
  • SHA256: 437a6732c705bc1c2324ec9ba650f04846ca09ba3e5c4b991d265c2da0b6a8db
  • SHA512: afdba2e9dcda474d68dbfde7c358013fd74fdb56de3346603155b028c77a6cb4933d82e93ab2345e823724741a1c1fb433a0b705aeb5d132fe7667e7f4f39cd8
  • SSDEEP: 1572864:mAjtzUpEMPyHBwDHlYkEs11xQzNBwYnR6wCony98Ajzt9ts5HSCs:/BUp6i5EsHxQzXwYnG1yAjzexs

Score: 10/10

Malware Config

Extracted

Family: lumma

C2


Targets

    • Target: Aquantia_Setup 2.1.1.exe
    • Size: 10.7MB
    • MD5: ab7725ebe6bb1caf763094d2bc1915f3
    • SHA1: 6aa6d5a8083ea967bbe0030b5abffd172b57cdf7
    • SHA256: f3adcc1653f34ae887c2aeabc3553450d2f60780a24bc933ae53af54ee651005
    • SHA512: 774e689d1df1662c9188d939a5ff1bf1fd127809edebde2d231334ce60b05b46234379b85fa91944550b41d9e2fd1bcf2ed3e3bcca785ae21477c3182130ef50
    • SSDEEP: 196608:1/8hkQv+mloZsBBeT+nJsv6tWKFdu9CnmE4F2u:WiQvVi+nJsv6tWKFdu9CRXu

    Score: 10/10

    • Lumma Stealer: an infostealer written in C++, first seen in August 2022.
    • Blocklisted process makes network request
    • Suspicious use of SetThreadContext
