General

  • Target

    Yuqu (8188).rar

  • Size

    1.8MB

  • Sample

    241004-zrswdswbnj

  • MD5

    86cce76469767efb12e259c75ec8a623

  • SHA1

    4410975af129ba06689bae4564c27ac2346151a6

  • SHA256

    570ed8ad1d22fd5b85be101a40f5bc452090403622acb975f81d087d0b789495

  • SHA512

    8a159c8775d1c255fbdd30bcf75f4676c4bde9bb1a7c7a8f5b52fa4ddbec8843a554a8a9676e5075116abc4250971d46882b63a371d1c8c3affb998dc7e2c36e

  • SSDEEP

    49152:tnVJZnTM0pOJD4zQqGdV/sVdSUDPvxC04rumDildanH:tnVvTM0p6D4QqGv/OpD2umeCnH

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://mixturehari.store/api

https://mobbipenju.store/api

https://eaglepawnoy.store/api

https://dissapoiznw.store/api

https://studennotediw.store/api

https://bathdoomgaz.store/api

https://spirittunek.store/api

Targets

    • Target

      Yuqu/yuqu.exe

    • Size

      518KB

    • MD5

      c089dd0ffb2fa03016a2f7792b524f49

    • SHA1

      29b6c4bdf791be1f54e230e2a58228b45c0097a9

    • SHA256

      ee832301302daf7ebfeee4f5f220fed6146f9b3c0fc4d6a32863d62eea7c3907

    • SHA512

      6ae1647fbb2f41e5e8f5eb3e68698dab84e8a15f858fbe759da53b6e0b6aee4d68a50fbd5da8f8e8b99d4c3f95f6054509ec49d3b16fb939a27104589a589794

    • SSDEEP

      12288:lyzihJChKUjKbQH+69EKwBR9/o7fVf0KclOczkTqomGyk1gpfsP:S3EpQe69Ex9s2vlJIOnkV

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks