General

  • Target

    valorant_hack (3489).zip

  • Size

    363KB

  • Sample

    241021-jaj9xswgjj

  • MD5

    b0ec5558fb4c064b8f200fc410b9d5f8

  • SHA1

    081dce255fc337a0cda81c26ebb7d65ecfc55ef7

  • SHA256

    a89a6ecf62241412139ef35499803399cba4a65f1565bae27c7699e1dfe88249

  • SHA512

    267fc8fb01c4588c647f68fea4aad38b2e9a0a20c1eb7bf0db7b7837ba8e7578361284ed2b4cb64c4a62661e354048ec6a6ad0c9303ee3d64eab458aba3df684

  • SSDEEP

    6144:tKKY9QL/DYCWyxdBPPwko0Mcr//c1R0StDFkXAGxU9DAnPynveEG9JDVU9sm5AET:ARO/HWyxdBHPrktF+URAPyveEG7xU55h

Malware Config

Extracted

Family

lumma

C2

https://snailyeductyi.sbs

https://ferrycheatyk.sbs

https://deepymouthi.sbs

https://wrigglesight.sbs

https://captaitwik.sbs

https://sidercotay.sbs

https://heroicmint.sbs

https://monstourtu.sbs

https://consumeroo.sbs

Targets

    • Target

      valo_hack.exe

    • Size

      387KB

    • MD5

      3d6e839df6be9231e7322e51ff026e76

    • SHA1

      ce81748507ce4ac3f0748f9aca581916021f8221

    • SHA256

      380578c5c800d529a5e41cf1d0cab2b01e34bf8859f5e031465cd298eaadac4f

    • SHA512

      2fc689dc57b9fb5bd9ba7f3f0b7480d5fc6abbb59c000689df95690fa7a6540dbc6f85296a86c1b7f58d222f4a742d8eec55edadbcc3e48e8015d6d97dee6ca8

    • SSDEEP

      12288:9ktY2XPhWY5EfrhyQVYZFF2F56USdmAA+bMgNjqIPya+:qtY2XPb5iuqF5GAARb

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022. It targets browser-stored credentials, session cookies and cryptocurrency wallet files, which is what the wallet-access signature below reflects.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (the API commonly used to redirect a suspended thread in process hollowing or thread-hijack injection)
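The following script is an added example and is not part of the original sandbox report or of any Triage tooling. It takes the indicators published above (the nine C2 URLs from the extracted Lumma config and the four digests of valo_hack.exe) and turns them into something a responder can act on: a hostname blocklist that also catches subdomains, a matcher run over a few constructed DNS log lines, Suricata dns.query rules (the sid range and the log line format are assumptions made for the demo), and a hash check that reports which of the report's digests a given file matches.

```python
"""Operationalise the indicators from the Lumma report above.

Added example, not code from the sandbox report. The C2 URLs and the exe
hashes are copied from the report; the DNS log lines and the Suricata sid
range are constructed for this demo.
"""
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed in the "Malware Config" section above.
C2_URLS = [
    "https://snailyeductyi.sbs",
    "https://ferrycheatyk.sbs",
    "https://deepymouthi.sbs",
    "https://wrigglesight.sbs",
    "https://captaitwik.sbs",
    "https://sidercotay.sbs",
    "https://heroicmint.sbs",
    "https://monstourtu.sbs",
    "https://consumeroo.sbs",
]

# Digests of the inner payload valo_hack.exe from the "Targets" section.
EXE_HASHES = {
    "md5": "3d6e839df6be9231e7322e51ff026e76",
    "sha1": "ce81748507ce4ac3f0748f9aca581916021f8221",
    "sha256": "380578c5c800d529a5e41cf1d0cab2b01e34bf8859f5e031465cd298eaadac4f",
    "sha512": "2fc689dc57b9fb5bd9ba7f3f0b7480d5fc6abbb59c000689df95690fa7a6540d"
              "bc6f85296a86c1b7f58d222f4a742d8eec55edadbcc3e48e8015d6d97dee6ca8",
}


def c2_domains(urls):
    """Lowercase hostnames extracted from the config's C2 URLs."""
    return {urlparse(u).hostname.lower() for u in urls}


def is_c2_query(qname, domains):
    """True if qname is a listed C2 host or a subdomain of one.

    The trailing dot of a fully qualified name is stripped; a name that
    merely ends in the same characters (e.g. notheroicmint.sbs) is not a hit.
    """
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in domains)


# Constructed DNS log lines (not from the report), in an assumed
# "<timestamp> <client> query <qname>" layout.
SAMPLE_DNS_LOG = """\
2024-10-21T09:14:02Z 10.0.5.17 query www.example.com
2024-10-21T09:14:05Z 10.0.5.17 query snailyeductyi.sbs
2024-10-21T09:14:06Z 10.0.5.17 query cdn.heroicmint.sbs.
2024-10-21T09:14:09Z 10.0.5.23 query notheroicmint.sbs
2024-10-21T09:14:11Z 10.0.5.17 query captaitwik.sbs
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)$")


def find_c2_lookups(log_text, domains):
    """Return (timestamp, client, qname) for every log line that hits the C2 list."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m and is_c2_query(m.group(3), domains):
            hits.append(m.groups())
    return hits


def suricata_rules(domains, sid_start=9000001):
    """One Suricata dns.query rule per C2 domain (sid range is an assumption).

    'endswith' also fires on look-alike names such as notheroicmint.sbs;
    is_c2_query above is the stricter check when you can post-process alerts.
    """
    return [
        f'alert dns any any -> any any (msg:"Lumma C2 DNS lookup {d}"; '
        f'dns.query; content:"{d}"; nocase; endswith; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        for sid, d in enumerate(sorted(domains), start=sid_start)
    ]


def digests(data):
    """MD5/SHA-1/SHA-256/SHA-512 hex digests of data, keyed like the report."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data, expected):
    """Names of the algorithms whose digest of data equals the report's value.

    A genuine copy of the sample matches all four; any other file matches none.
    A partial match would indicate a transcription error in the report.
    """
    got = digests(data)
    return sorted(alg for alg, h in expected.items() if got.get(alg) == h.lower())


if __name__ == "__main__":
    doms = c2_domains(C2_URLS)
    for ts, client, qname in find_c2_lookups(SAMPLE_DNS_LOG, doms):
        print(f"C2 lookup {ts} {client} -> {qname}")
    print("\n".join(suricata_rules(doms)))
    print("constructed bytes match report:", matches_report(b"not the sample", EXE_HASHES))
```

To check a file you actually hold, read it as bytes and pass it to matches_report with EXE_HASHES (or the zip's digests from the General section); expect all four algorithms back for the real sample and an empty list for anything else. The DNS matcher treats the C2 hostnames as apex domains and flags their subdomains too, which is the usual assumption for attacker-registered .sbs domains, but the Suricata rules use endswith and will need review for look-alike names.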

MITRE ATT&CK Enterprise v15

Tasks