General

  • Target

    98096930546353bf9c8fdb90c189285a560bdbf3a1d0d6ee4eebc42c8b35ff43.zip

  • Size

    10.5MB

  • Sample

    241002-bvnh3szglr

  • MD5

    4bdd611a7ad3d92fd9f92ff7cb82cb26

  • SHA1

    016fa1ccb023b92b3adb3c5aaee00468b9c19136

  • SHA256

    98096930546353bf9c8fdb90c189285a560bdbf3a1d0d6ee4eebc42c8b35ff43

  • SHA512

    0df9aa20e3f1ae0638745c10105506ba5e04b1190ee98868c11caceb5735aa39b66c87e15597b5f1ec53dcd604e2b74ec82131eb5c1fd2d64f7fcd9f59ddee02

  • SSDEEP

    196608:DvYzWnQSzw1kXDp4PUWsAM7nIUssbrB42Qvro3sQbv1wqlfbr/BTpEG8M9bo9yDi:DvYzWHz00+sJssbrB42QvrKTvKqlf3/u

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Extracted

Family

lumma

C2

https://gravvitywio.store/api

Targets

    • Target

      WinFIG.exe

    • Size

      761.6MB

    • MD5

      40e7550688efdaea9445bceebecd88fa

    • SHA1

      be35f74dd79cee6843b052f1bce580469fb20714

    • SHA256

      4304cf12a607df22c6bb588e79c597ca0e96e24dc020e84063224eb1c8fa61dd

    • SHA512

      b8eb8add54265117c0337049d88ed115d252b37f493f03a23442771c8bef53942c5736562e4ad9d10feca29dc621a2a3f13add6c09559f0dd90808dd3191b448

    • SSDEEP

      393216:5tNN1HB88zxIFscBXiQNI4HyPT68IYuY5pF2IsNFcvA:9bimcViQNYT68IYuY5pYIsNFcvA

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++, first seen in August 2022.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks