General

  • Target: 532d05ffeadbd71ebd3427d829a6759f.bin
  • Size: 16.5MB
  • Sample: 240801-cenpkszgqg
  • MD5: d14b4ab0fa516a8132fbaa3f7f420d33
  • SHA1: c31652da8a898ef088dd33e5378b42ba5169e8ef
  • SHA256: 7e39b18800ab3925c3c6fcf9f1815b6c6c8516c39979c89063b205b8f0e08fb7
  • SHA512: 60106619f7581a81db4726d6c0c691fb583297c26bafe45cf5c321fa2a6b1a308e0e335e3801ebaca7f6c663d34d38d3dd07f6a0db62cf98145ac66f9ff72972
  • SSDEEP: 393216:x25IRZ7bDcgFBWa8UobbEFHECc5/x3YfTEvYydiv53:xia+JnCyxIfkY/53

Score: 10/10

Malware Config

Extracted

  • Family: lumma
  • C2:
    https://applyzxcksdia.shop/api
    https://replacedoxcjzp.shop/api
    https://declaredczxi.shop/api
    https://catchddkxozvp.shop/api
    https://arriveoxpzxo.shop/api
    https://contemplateodszsv.shop/api
    https://bindceasdiwozx.shop/api
    https://conformfucdioz.shop/api

Extracted

  • Family: lumma
  • C2:
    https://applyzxcksdia.shop/api

Targets

    • Target: cb25ccf6059c2f8a041f22e6fb110b7fbbc6cbdb4a5c35f0555cd735b5686a42.exe
    • Size: 16.6MB
    • MD5: 532d05ffeadbd71ebd3427d829a6759f
    • SHA1: f29fce536f35aeda262f07624469cc7932e0a5d2
    • SHA256: cb25ccf6059c2f8a041f22e6fb110b7fbbc6cbdb4a5c35f0555cd735b5686a42
    • SHA512: b7aad59e3c0eaae7a09bb5d7866fad8f1951ce86975eb736863654bcc5ec6afcb441761c54c55396f99cfe7d6fcf21818d2bf5449092ae3d4853e5d02f28fbb8
    • SSDEEP: 393216:Upw0Jt5ov09pHGru+gIo2Ci/3Bh1kYnXQS2BKKQqS6gjeXECSZEP6T:IwcUv00utILxhBXiBWqseXEbT

    Score: 10/10

    • Lumma Stealer, LummaC
      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks