Resubmissions

  • 06-08-2024 11:22  240806-ng2vrs1hkf  10
  • 06-08-2024 10:55  240806-m1enxaxdmk  7
  • 06-08-2024 10:51  240806-mxymls1eje  3
  • 06-08-2024 10:49  240806-mw4r8sxcnj  10

General

  • Target

    ✪➳S͜͡eTuP✔!!・2025・!!P͜A@s$w0rD~KEY!#.zip

  • Size

    8.5MB

  • Sample

    240806-ng2vrs1hkf

  • MD5

    733a7c0d22b31529466fe41f9d900e2a

  • SHA1

    351c3476d64631a998e46309470164a05a628def

  • SHA256

    782f860451d89f2905e601d2b9aa2cc18b101be6a16c1fa1d760754e4c2f0b4b

  • SHA512

    b8e48efc97f107875cc9ae3c88bdfd68cc384263d585d5275ac2cd410650fe12003780d720b7e547a23e80fbffb6e2c4cfbb18c246b6043409fd2ee8efa7dfa7

  • SSDEEP

    196608:WXMwoXXUMMuabSO9PlXD1s7f8bsCvOsU2mldGpKnWsXGO9:HwYvO99Xh42sCHml9WO9

Malware Config

Extracted

  • Family

    lumma

  • C2

    https://chippyfroggsyhz.shop/api

Targets

    • Target

      Setup.exe

    • Size

      1.1MB

    • MD5

      c047ae13fc1e25bc494b17ca10aa179e

    • SHA1

      e293c7815c0eb8fbc44d60a3e9b27bd91b44b522

    • SHA256

      6c30c8a2e827f48fcfc934dd34fb2cb10acb8747fd11faae085d8ad352c01fbf

    • SHA512

      0cfb96d23b043bcb954cc307f85e5bbc349c0c8a0c6eaa335ea9a8fa19ce65b047f30ed0049562d40880400d4f70e3bb28975d6970f3ae4af6da1ba06e36d48c

    • SSDEEP

      12288:a9hZPq27B7+x3dPC4gvgdVwTzDxsVyY4YoUwpf5kpRG6xsfJAYo2R0B5YD5sW91A:STS27B7+x3E4tdS/Dxkd4YoDfZ90gLS

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++, first seen in August 2022.

    • Executes dropped EXE

    • Loads dropped DLL

    • Detected potential entity reuse from brand steam.

    • Suspicious use of SetThreadContext
