General

  • Target: i3z.txt
  • Size: 340B
  • Sample: 241030-1r37sssaph
  • MD5: 97bea7bb8c406fd6bbe9b4fee25da060
  • SHA1: 43d5b66dd6485e2dc6c2cc6ca35fb3018320445f
  • SHA256: 06c8e364df5af4d3a526837daabae867764f63e6b6f9b3d69367f8affe19bccf
  • SHA512: 0146d50859e4e9d3fd8857c23dbc0d1630577b58cec222162269253f86141fa7e9790b19cf9d68c16596831ce1902f0dbc0ac861b3219adc89dd48079bf53abd

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (exe.dropper): https://pub-c13566988b4f4e95a34c68d33362e742.r2.dev/sckvghjkl.zip

Extracted

  • Family: lumma
  • C2:
    https://goalyfeastz.site/api
    https://contemteny.site/api
    https://dilemmadu.site/api
    https://authorisev.site/api

Targets

    • Target: i3z.txt (340B; MD5, SHA1, SHA256 and SHA512 as listed under General)

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks