General

  • Target

    2024-10-21_19fa3a1cc2cf6cf0aecd7364a2e35a5d_poet-rat_snatch

  • Size

    8.0MB

  • Sample

    241021-jjt6gsvgkb

  • MD5

    19fa3a1cc2cf6cf0aecd7364a2e35a5d

  • SHA1

    47a878768677e0d37bdfe1aaacc9d3bd036f8843

  • SHA256

    19d73a16b9bd156d818ed075fda08b1fc284917fd0839d9f380ed47f71d2e211

  • SHA512

    6aa9981608d73a575c58ed2c6214db72aa2f1bd34c01717c19b1ded9f5868376671c8cf7ce7be1ad7b3e8e92c81c3733f8160ddbcf8489277ae4d867cb5fb819

  • SSDEEP

    49152:5ojkM0b84QJYgOSdHIyaX/Jrqs2ezxRY+V9te8unhyos8kmuiYwNCHBuIjy8mXob:KjkMh+d20XjV95tEPXod43A6IreXq

Malware Config

Extracted

Family

lumma

C2

https://snailyeductyi.sbs

https://ferrycheatyk.sbs

https://deepymouthi.sbs

https://wrigglesight.sbs

https://captaitwik.sbs

https://sidercotay.sbs

https://heroicmint.sbs

https://monstourtu.sbs
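The hashes and C2 URLs above are the actionable part of this report. The following script, added here as an example and not part of the sandbox output, embeds those indicators and does two things a responder typically needs: hashes a candidate file with the four algorithms the report lists (ssdeep is left out because it needs a third-party library) and reports which digests match, and scans proxy-style log lines for contact with any of the eight C2 domains, including subdomains, while rejecting look-alike suffixes. The log format and the log lines themselves are constructed for the example; the helper names are my own.

```python
import hashlib
import re
import sys
from urllib.parse import urlsplit

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "19fa3a1cc2cf6cf0aecd7364a2e35a5d",
    "sha1": "47a878768677e0d37bdfe1aaacc9d3bd036f8843",
    "sha256": "19d73a16b9bd156d818ed075fda08b1fc284917fd0839d9f380ed47f71d2e211",
    "sha512": "6aa9981608d73a575c58ed2c6214db72aa2f1bd34c01717c19b1ded9f5868376"
              "671c8cf7ce7be1ad7b3e8e92c81c3733f8160ddbcf8489277ae4d867cb5fb819",
}
C2_URLS = [
    "https://snailyeductyi.sbs", "https://ferrycheatyk.sbs",
    "https://deepymouthi.sbs", "https://wrigglesight.sbs",
    "https://captaitwik.sbs", "https://sidercotay.sbs",
    "https://heroicmint.sbs", "https://monstourtu.sbs",
]


def c2_domains(urls=C2_URLS):
    """Reduce the extracted C2 URLs to a set of lower-cased hostnames."""
    return {urlsplit(u).hostname.lower() for u in urls}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def hash_file(path: str) -> dict:
    """Digest a file on disk in one pass, streaming so large files are fine."""
    hashers = {alg: hashlib.new(alg) for alg in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matched_algorithms(digests: dict) -> set:
    """Return the algorithms whose digest equals the report's value."""
    return {alg for alg, d in digests.items()
            if d.lower() == SAMPLE_HASHES[alg]}


def domain_is_c2(host: str, c2=None) -> bool:
    """True for an exact C2 domain or any subdomain of one.

    Matching is on DNS labels, so 'notsnailyeductyi.sbs' and
    'deepymouthi.sbs.example.net' are correctly rejected.
    """
    c2 = c2_domains() if c2 is None else c2
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in c2)


# Constructed proxy log format: <timestamp> <src-ip> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$")

# Constructed sample lines for the example; two of them are real hits.
SAMPLE_LOG = """\
2024-10-21T19:11:58Z 10.0.0.15 GET https://www.example.com/ 200
2024-10-21T19:12:03Z 10.0.0.15 POST https://snailyeductyi.sbs/api 200
2024-10-21T19:12:09Z 10.0.0.15 POST https://cdn.heroicmint.sbs/api 200
2024-10-21T19:13:40Z 10.0.0.22 GET https://notsnailyeductyi.sbs/ 404
2024-10-21T19:14:02Z 10.0.0.22 GET http://deepymouthi.sbs.example.net/ 200
"""


def find_c2_hits(log_text: str) -> list:
    """Return (timestamp, src, host) for each log line whose URL host is C2."""
    c2 = c2_domains()
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash mid-scan
        host = urlsplit(m.group("url")).hostname
        if host and domain_is_c2(host, c2):
            hits.append((m.group("ts"), m.group("src"), host))
    return hits


if __name__ == "__main__":
    for ts, src, host in find_c2_hits(SAMPLE_LOG):
        print(f"C2 contact {ts} {src} -> {host}")
    if len(sys.argv) > 1:  # optional: python ioc_check.py <file>
        matched = matched_algorithms(hash_file(sys.argv[1]))
        print(f"{sys.argv[1]}: matched {sorted(matched) or 'none'}")
```

Run it with a file path to compare that file's digests against the report; without one it only scans the embedded sample log. A single matching digest is enough to identify the sample, so a mismatch on sha512 alone would indicate a copy error in whichever side was transcribed, not a different file.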

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread-hijacking injection)

MITRE ATT&CK Enterprise v15

Tasks