General

  • Target

    noreco private.rar

  • Size

    427KB

  • Sample

    240712-ct2vraxcmd

  • MD5

    b3108a8695092e9089a39f05ca5b9e64

  • SHA1

    fdba5c70b9c5f28bb0ea4c6d550a34c7d3c6f49f

  • SHA256

    8e806786e1f2423cce8184773c70de00e3dc6efa8402faf657076136c953440d

  • SHA512

    f4326a309c1ab38c4e8532236cdb6b3a6c133601f1508af99db7a1f6955cb1677964e1279a2319f847e366bf2fea9183539b472b32ab23fcddb35ccfe5c6f9da

  • SSDEEP

    12288:fOTvQ0TZozCjQualG1NmHE3q9DuOvnxU1yj:fOzQ4UGPqgKnxb

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://bitchsafettyudjwu.shop/api

https://bannngwko.shop/api

https://bargainnykwo.shop/api

https://affecthorsedpo.shop/api

https://radiationnopp.shop/api

https://answerrsdo.shop/api

https://publicitttyps.shop/api

https://benchillppwo.shop/api

https://reinforcedirectorywd.shop/api

Targets

    • Target

      noreco private/Setup.exe

    • Size

      535KB

    • MD5

      98b3ea9429694b2e5d57a10c75d4e9ea

    • SHA1

      b070c4c01ab9038e408dd4454a4ebf9133567bfc

    • SHA256

      3abcbc3d932266d782475381f78b593aebe5bfc241f2c2156a1ac1d9c4929c1a

    • SHA512

      351217a83dff2bd57bcfa131a3c946a127a6f151ddb7004a2eb81be218ba9d57bad63d1f14bdb3f924b1e457fcd82f46e6f97556906e1c29c055f9bd71d37af2

    • SSDEEP

      12288:Rhg1qUewi3yNzilpbuYS6aDdhwBP6Ll0EOqNR:RW1qUBeFJuN6eiBPAxOU

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks