General

  • Target

    Win.Installer.x32-x64.bit.exe

  • Size

    118.5MB

  • Sample

    240712-cyq9tavdqn

  • MD5

    2c9183c740c7569a095ec4152112558a

  • SHA1

    850e2c43d838331ccf521cc48cd64d5da80ed6c7

  • SHA256

    611c27e0730ee39045837dc97a8c6762e19ddde28f829fb315666ab062814ddd

  • SHA512

    10e5904130cf22713f180107b0d3cc813db3cbfd2cce525ee61fcaf84bca114c21e8e5873890e5350e2a47a2f70085c29fd41544a5f14fcfd5d91a9947e7ba30

  • SSDEEP

    12288:vrZSt3KUdrYDlY5w/XKB+2sWaWdT/ahUxo0+Kmo0lMl1sR4PkiLU8SEn06s:jAWnK8I/aAVmthB

Score

    10/10

Malware Config

Extracted

Family

lumma

C2


Targets

    • Target

      Win.Installer.x32-x64.bit.exe

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
