General

  • Target

    Verus.exe

  • Size

    3.6MB

  • Sample

    241021-shyxqaxhnf

  • MD5

    646c43c09120496d971fc2fbbd22c301

  • SHA1

    2baddaa7a0eed23665110235ae5132215767001b

  • SHA256

    3889a6276257495ca38bbc6914d7157bb88cf8a88d1f767a3678aee6ae4cf2d7

  • SHA512

    4afae5ffda48fbdd7f5ed326a0cc2ff58e5ed131b96ee3b8f8f661584bbefa977cbca34b9ef82ddc8714e7b66beefef68315b1b6c18cf4703ce7d985e79e5940

  • SSDEEP

    49152:gR5bPO1jkBTI/hG47UELoYCVN5OdqybCTH:gb29X7UELoYC/5OdqybCTH

Malware Config

Extracted

Family

lumma

C2

https://conceptionnyi.sbs

https://platformcati.sbs

https://nervepianoyo.sbs

https://qualifielgalt.sbs

https://smashygally.sbs

https://fightyglobo.sbs

https://modellydivi.sbs

https://pioneeruyj.sbs

Targets

    • Target

      Verus.exe

    • Size

      3.6MB

    • MD5

      646c43c09120496d971fc2fbbd22c301

    • SHA1

      2baddaa7a0eed23665110235ae5132215767001b

    • SHA256

      3889a6276257495ca38bbc6914d7157bb88cf8a88d1f767a3678aee6ae4cf2d7

    • SHA512

      4afae5ffda48fbdd7f5ed326a0cc2ff58e5ed131b96ee3b8f8f661584bbefa977cbca34b9ef82ddc8714e7b66beefef68315b1b6c18cf4703ce7d985e79e5940

    • SSDEEP

      49152:gR5bPO1jkBTI/hG47UELoYCVN5OdqybCTH:gb29X7UELoYC/5OdqybCTH

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks