General

  • Target: ValorantHack (2024).rar
  • Size: 754KB
  • Sample: 241021-jbk8lsvdmf
  • MD5: 40317cd98bc70cd3a4fd702d8c5ef168
  • SHA1: d5d5c8a37b6543cd8e632c25dd9fe1818ead8b16
  • SHA256: 75052b45ca073f471816883db321fa8be70ca2b993fd248955b3f08974b82266
  • SHA512: 2848c98715b0e4ba9908c3050cd43f1408d8a1384f1e4ff4145409493fddb0e8a6d0f6404e4ba919ededcd094dcf9990a6294e535f9d36f9126d4e14995e0672
  • SSDEEP: 12288:4RsS+75Yl5jvBYRHwtGOIpusm6+gc11u+WB+30kZamldw+GB6IIlz1UiUyyxyL8N:4IObe2ZZsrp61Wzko0GB65l/TyYL8syv

Malware Config

Extracted

  • Family: lumma
  • C2


Targets

    • Target: ValorantHack.exe
    • Size: 374KB
    • MD5: f76d84234a90accfde53ba781e34c7eb
    • SHA1: ab0592d63d43721b07479f0c74cea40d15450cd4
    • SHA256: 6c02907276108b455ba0392c48c0888de463da50240a54721dde637c2de71d13
    • SHA512: 24fd876d3cc36957847c614bdcf0cd95b59688408555a18b27686221fd5b53232d724cd699b8fa1ba24031144a36234581fec47106e481004ac2806fef1ae33d
    • SSDEEP: 6144:A32A0VwTgAfcow8eyy5lbj5G1PhyuvgqiTzY7tztP87ho8SHyXRrsahfn0xG:mNwaKXoS+px8NovSBsahfn0xG
    • Lumma Stealer, LummaC: Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks