General

  • Target

    https://download2269.mediafire.com/5zw7cc7yc83gbvK6v9FHiU3tZQYjBJNz7Pr_CqhaAUCJ_3sywSS97ERD2iD_Az_qp90gZ2uyjGNlq_rGFGQpHU3fYisz4sd3BJDvOXvREL6JO67wiG2woLX85mrB5CukL2XVAt1HCtXXj7naTtAd2eOM_AaVizKWXH-tr0HsQQ/o02kx2u6dpf05kz/Noura.zip

  • Sample

    240801-jzmrcazhnj

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://celosiapatroen.shop/api

https://applyzxcksdia.shop/api

https://replacedoxcjzp.shop/api

https://declaredczxi.shop/api

https://catchddkxozvp.shop/api

https://arriveoxpzxo.shop/api

https://contemplateodszsv.shop/api

https://bindceasdiwozx.shop/api

https://conformfucdioz.shop/api

Extracted

Family

lumma

C2

https://applyzxcksdia.shop/api

Targets

    • Target

      https://download2269.mediafire.com/5zw7cc7yc83gbvK6v9FHiU3tZQYjBJNz7Pr_CqhaAUCJ_3sywSS97ERD2iD_Az_qp90gZ2uyjGNlq_rGFGQpHU3fYisz4sd3BJDvOXvREL6JO67wiG2woLX85mrB5CukL2XVAt1HCtXXj7naTtAd2eOM_AaVizKWXH-tr0HsQQ/o02kx2u6dpf05kz/Noura.zip

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks