General

  • Target: 8bb92e2e6bed8376a4d44f2f30060c3a1687b82f1ac9961c8d1d906c600b350bN
  • Size: 562KB
  • Sample: 241021-lc5dzsyaqb
  • MD5: 53136eb1244ea58de7eb39b1b145bf20
  • SHA1: 9816dc2a1f8c4ff88e12c5231b93c53bb111afd0
  • SHA256: 8bb92e2e6bed8376a4d44f2f30060c3a1687b82f1ac9961c8d1d906c600b350b
  • SHA512: 962d634b310faa73cd2732d9a436f289d8a3d5414066ece100fba4cd155186b737ca6a100ab52deadf0c0000ee7a3492018ba47acc1449212eb5de06530f477e
  • SSDEEP: 12288:Yu7CD9TCmBPF4y4TmVdYJ6mqdzpnNVJou0TkiWhasGYJBA:d7mPgUzrnNVJSb

Malware Config

Extracted

Family

lumma

C2


Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks