General

  • Target

    fix.rar

  • Size

    47.4MB

  • Sample

    240827-a55pnsthrb

  • MD5

    4f16d7c8b5096c55d7ef0a1d0814136f

  • SHA1

    522b34e64d4b7bbdefa81b1d2f6d05644448060a

  • SHA256

    380ddb92cb04d1c7030f74ba59bad9c1f06ec3a6b5b2a92ea3b8348d0ab3ecfb

  • SHA512

    3d979ed8eb2f26ccbf6210b38d8ee39d8b854b19f4fbe68d1f3f19a9bfd79ba1fdc5afb6e1c26e95638d8483a62d439eb4e34be299cc9c4e38fc375a0112a792

  • SSDEEP

    786432:vMhCwNbiMSvHLKFDY1hFTwfhoxsdHly1DyKKVsTOLmrB0LhR3yA6PiBUv9:vMh/1KeF03F8ZoslyELwU1F/Bw9

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://froytnewqowv.shop/api

Targets

    • Target

      fix/UICommon.dll

    • Size

      113.0MB

    • MD5

      ec05ba1d3b3781d982040e267aa7ccb6

    • SHA1

      a21c81658279b46fda7d342d18ebefcc95bd1776

    • SHA256

      55e3463f779e122c93411367705c5128801e31fc0455f099dc6022fc6ad4d496

    • SHA512

      1fe06a6cdd3f4065c113c0211b4a553aba55597aa99e4609e30deb20e73aed0fccd83fb87587491fe2c7050fbdf565ad2b560f3ff6cbf3c7d0ec1613d22d7b34

    • SSDEEP

      1572864:rHp26OVbsHkKHp26OVbsHkUFwCRTMBWrmRHp26OVbsHk2:1OVbm/OVbmbRTMBwcOVbmT

    • Score

      1/10

    • Target

      fix/libisl-13.dll

    • Size

      116.2MB

    • MD5

      838ade0992a33a5adefd56ec69bd92b6

    • SHA1

      f1abbaf2228aa5d59b2f6f1117ba44aa895d7bb8

    • SHA256

      68fa832d4b6a1f0addc07f3d87ef1f3a4d2e441671544b20763e1fc33c9454e4

    • SHA512

      11951faa91d33b94f6156f15c5c3fd2856eeb0071e8615d4568a9bec2f1caf45a6ca797e7460894d6ba660f0afbccad0d20bcedec38de0b245296445e53a968c

    • SSDEEP

      1572864:kn6Isjlk7sin6Isjlk7sGn6Isjlk7sGn6Isjlk7sd:asjlovsjloFsjloFsjloe

    • Score

      1/10

    • Target

      fix/msvcp140.dll

    • Size

      480KB

    • MD5

      b04d6a509d08cfe6f0f14a9f19175d03

    • SHA1

      eb5aba1c05fec94f4de2c64665d0ab02299482f6

    • SHA256

      4194294d17032d0361ea52db212bbc41d203cb322e23e5204f1f06a53ae8a58f

    • SHA512

      20f6d70f5bfeeda2570fec51528393bcdd3f24f6b3b273730cd8bb74c395e7f856ec986d19f19315bb4f07560e2a0e12032146272e7163cffd7cf0d9c83bc385

    • SSDEEP

      6144:Pf9SsSntN4SdD7FO8wVnwmceN7tLjw5gVXpMLECYdehlKeX3F+kTsJ9STLVkv9cp:nZSntN4S5ZeVXpQTRdzTsJc/KvmToX4

    • Score

      1/10

    • Target

      fix/x86_64-w64-ranlib.exe

    • Size

      250KB

    • MD5

      b40603b7987e2a438a9031274f9b3a2f

    • SHA1

      33991bf7f63266d80dce58b562a39961f70a44a4

    • SHA256

      fa7512bc01ed215ecbbcc2c1fd8b73fd77c6222f3f86604f714881d4460fa11f

    • SHA512

      c09abbfb10c49a50b3b4c1a5f08a9576a0cb89e87e5d8c60685db4aeb9ec8e47f59773685d182bfcbed8ebe3e72b50503a27876cd917f12a3f39a68816635796

    • SSDEEP

      3072:76b0UkfKZe8wvHInktbACG9er/wFpz05+t6lTMBorSaXXlXf:Ob0UctzH6QjsUazm9

    • Score

      10/10

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • System Location Discovery (T1614): 1

  • System Language Discovery (T1614.001): 1
