General

  • Target

    Setup_v1.66.exe

  • Size

    545KB

  • Sample

    241021-tnn55syejg

  • MD5

    acd42e7a42c66fd3928dbb1b1002717d

  • SHA1

    7be49b0e8c27711b6f8641c10b757b929b380b1d

  • SHA256

    403e76f68fb85706eaadd66222df065c4f3024ae2d8df8fcabc29f38e0005fb6

  • SHA512

    281f1bfc21b52bed29aa7ecb4a2fc1a0317966ef348257c27fa76906cfe733c0f8a500479caf21fd5c03c4ea497ab43ea6027955a5898de8aeeb1d4afab57b51

  • SSDEEP

    12288:sFpvjAONMRoX1S//+6adr1JonaR3u5Z/GY2ETEO:ypegS//VaBfoaR+5ULmt

Malware Config

Extracted

Family

lumma

C2

https://drawwyobstacw.sbs

https://condifendteu.sbs

https://ehticsprocw.sbs

https://vennurviot.sbs

https://resinedyw.sbs

https://enlargkiw.sbs

https://allocatinow.sbs

https://mathcucom.sbs

https://dormynwj.buzz

Targets

    • Lumma Stealer, LummaC

      Lumma (also known as LummaC) is an infostealer written in C++, first seen in August 2022.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
