General

  • Target: Win.Installer.x32-x64.bit.zip
  • Size: 561KB
  • Sample: 240711-y8qlxssfkn
  • MD5: ea0c95692f4651f995879ba5ff27b754
  • SHA1: 194e2a400ee935af7d0906e4a8dac96d1c7d5f0e
  • SHA256: fe7dc803ad1ea414128b5171ddd6603743a82e5f357aca58f3327feaa0377542
  • SHA512: b382fd9a0c772e5558fe2606371d76966b55889876eb0303d7dbb33698f331aac62ac86220bb0de434ec340770ee5f93a50f5335a420b98ae435dc9f0a8cebf0
  • SSDEEP: 12288:aHsrpYibqQux2S9wHkr1bldlhmUk6Mbpgy6RKu:aHsrSi+XxP94EblIUZMbpcKu

Score: 10/10

Malware Config (extracted)

  • Family: lumma
  • C2:

Targets

  • Target: Win.Installer.x32-x64.bit.exe
  • Size: 118.5MB
  • MD5: 2c9183c740c7569a095ec4152112558a
  • SHA1: 850e2c43d838331ccf521cc48cd64d5da80ed6c7
  • SHA256: 611c27e0730ee39045837dc97a8c6762e19ddde28f829fb315666ab062814ddd
  • SHA512: 10e5904130cf22713f180107b0d3cc813db3cbfd2cce525ee61fcaf84bca114c21e8e5873890e5350e2a47a2f70085c29fd41544a5f14fcfd5d91a9947e7ba30
  • SSDEEP: 12288:vrZSt3KUdrYDlY5w/XKB+2sWaWdT/ahUxo0+Kmo0lMl1sR4PkiLU8SEn06s:jAWnK8I/aAVmthB

  Score: 10/10

  Signatures
    • Lumma Stealer: an infostealer written in C++, first seen in August 2022.
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks