General

  • Target

    valorant cheat (1426).rar

  • Size

    433KB

  • Sample

    241021-h9trzavcpf

  • MD5

    9869d8ee5d4cf36ae39725a8e53ad32b

  • SHA1

    0fa4f59df4976c5fb6b8215e2077d91f95cd5ba5

  • SHA256

    05118e36d9d405be2fd08b8ef8ecdb9c1a3d3d7898d232292473b42e7ccee2a7

  • SHA512

    bf13cc739d17e7acf2328a32c690fd84c653106736b463f3518f269911319792b88ace1d533a363bde9831954320d67a74a2ed14fb392d7a8098759a3ec5cd14

  • SSDEEP

    12288:pmXlp2vlLZua4mhr6ff66Li2qF2gY0tjhP7JIi4I+JsgJXasa2y:kXbGlVrf2U1BJIiqsgBasi

Malware Config

Extracted

Family

lumma

C2

https://snailyeductyi.sbs

https://ferrycheatyk.sbs

https://deepymouthi.sbs

https://wrigglesight.sbs

https://captaitwik.sbs

https://sidercotay.sbs

https://heroicmint.sbs

https://monstourtu.sbs

Targets

    • Target

      valorant cheat/valorant cheat.exe

    • Size

      30.6MB

    • MD5

      75bd0b95d1ac0678a29f78e60c34bd23

    • SHA1

      afe5fe6e9044ac07d54de02fa7c7370d31817c9b

    • SHA256

      d335dc93da146bb318e9c64ad206dde99bb868dc2c6aae222523b57da27e05b6

    • SHA512

      ba441464eec1cb4e1b583789ca5121f5b7fa2ba620025579b4335153b636373747a35ec2d36fe46c1dd208326c4cd62f4a046f335cf64cb8c66f46a0d4792d9f

    • SSDEEP

      12288:VcN8/LN/6QdXASu+0v3TUI6hXgGD5/acqY7pKSaEO:f/V5Nu+sDUjQGDJrqY7IFt

    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++ that was first seen in August 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks