Resubmissions

06/08/2024, 10:36

240806-mnb29a1cld 10

31/07/2024, 13:48

240731-q36ryswemk 10

General

  • Target

    9a2f0d4cd795b20afc205578901975f279f3d23319686b37a86890b406c4afc0

  • Size

    3.4MB

  • Sample

    240806-mnb29a1cld

  • MD5

    06d348b002f2b5ba1b1f87a6c5d9348f

  • SHA1

    690474ecf034a8f00523b89d364d12d07923c519

  • SHA256

    9a2f0d4cd795b20afc205578901975f279f3d23319686b37a86890b406c4afc0

  • SHA512

    44c810947a550eb71363eac27d8168cb200b26f0e970489fc8f1405a1e3cc59b6e8ede9c52ed006b410c63dc7ed422df5338886aae777302541e3aca6aad8c1c

  • SSDEEP

    98304:zkYumC1VV49yD+ehuuom6GyVD9q2v36wDbz07cxdAjfoDgZNu:zZdoOI+ehErD9qU3d3z0yAjpNu

Malware Config

Extracted

Family

lumma

C2

https://ballottynsjm.shop/api

Targets

    • Target

      9a2f0d4cd795b20afc205578901975f279f3d23319686b37a86890b406c4afc0

    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++, first seen in August 2022.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Downloads MZ/PE file

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks