General

  • Target: S.zip
  • Size: 1.3MB
  • Sample: 241021-qjrtpaxapp
  • MD5: 0a4e0b96cd41f0d2520e4e9ec1145ea9
  • SHA1: 405fca442cf88912259b0ebfe0de5d25bf0d0656
  • SHA256: 8982fb3f4b3d431e50e1a2ca17d46559bdcd1b5b8f07e06a6e42da39e8a8f845
  • SHA512: 56e00a764d51ddd23fe63f36b7925754f560ed3da0c3561457a0c959ea3a6da0fe29e3f774ef81ca73c6f90909f3c89252787710d2d08de5b0f676c9dd0c254c
  • SSDEEP: 24576:3iQXw/0nm118wnccmrPxMUwgiLw0iaM2qcrls/aMie:3vXwcmYwnccmTxMUP3J0QaMD

Malware Config

Extracted

  • Family: lumma

C2


Targets

    • Target: Setup.exe
    • Size: 89.0MB
    • MD5: 8ca3c0938fc208653ee70c07c97d0b2f
    • SHA1: 6c16c9f971bd63fa66729a22462379cbc966bdb4
    • SHA256: 81aa20dea213a7b44f10cb281b4dca82ddeb0237867a41e85a61ed39045c728f
    • SHA512: 2187aee691bcf9236fa19f919c6b21db7b94e87ae274094d3b693d822b26648c8d61aaab66bc67da0bc615384cb660dd09322a526535ab17f737e8f22a7de0ea
    • SSDEEP: 24576:V2hmfw/0pe1fawnocABP/Mmig45o4saM4+cL9E/GMiy:/fwc8cwnocAZ/Mmx1FM4GMf

    • Lumma Stealer, LummaC

      Lumma (also LummaC) is an infostealer written in C++, first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks