General

  • Target

    2024-10-21_5fff3ba3ea60ad8a176069897bb53339_poet-rat_snatch

  • Size

    23.7MB

  • Sample

    241021-scl1zazcpr

  • MD5

    5fff3ba3ea60ad8a176069897bb53339

  • SHA1

    63c8f911841c8242b69fb92e1d101b2de333eecf

  • SHA256

    b0bcdcc422e8b2c88a3eed50755bf53d35f0a74df88b40f66afd5f52678fef75

  • SHA512

    6af0da10b18f61eac0a49d729a5e731e28a0f256d5de1e27b9553296a7419e41a81039ecc5e39b792df956de5b6793d136ebf5fa3934e6fda0ae00943a9e5cdd

  • SSDEEP

    196608:MB6GIp6NmZ9SHowBg9fmIAw4Cs9ouPf5/:RqSPAw4Cs9ou5

Malware Config

Extracted

Family

lumma

C2

https://drawwyobstacw.sbs

https://condifendteu.sbs

https://ehticsprocw.sbs

https://vennurviot.sbs

https://resinedyw.sbs

https://enlargkiw.sbs

https://allocatinow.sbs

https://mathcucom.sbs

https://shelfedpriveowp.shop/api

Targets

    • Target

      2024-10-21_5fff3ba3ea60ad8a176069897bb53339_poet-rat_snatch

    • Size

      23.7MB

    • MD5

      5fff3ba3ea60ad8a176069897bb53339

    • SHA1

      63c8f911841c8242b69fb92e1d101b2de333eecf

    • SHA256

      b0bcdcc422e8b2c88a3eed50755bf53d35f0a74df88b40f66afd5f52678fef75

    • SHA512

      6af0da10b18f61eac0a49d729a5e731e28a0f256d5de1e27b9553296a7419e41a81039ecc5e39b792df956de5b6793d136ebf5fa3934e6fda0ae00943a9e5cdd

    • SSDEEP

      196608:MB6GIp6NmZ9SHowBg9fmIAw4Cs9ouPf5/:RqSPAw4Cs9ou5

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ that was first seen in August 2022.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks