General

  • Target

    4b93cf26d6e6c52e332e084f0940c5e687a91b08e66ee822aae302d1b1f3c014

  • Size

    13.1MB

  • Sample

    241030-3w5brsvakl

  • MD5

    b736da6a81e01bebfdd469d26785e13c

  • SHA1

    e82d651e62747674fd6c8bfeb2ebdb569f572c9f

  • SHA256

    4b93cf26d6e6c52e332e084f0940c5e687a91b08e66ee822aae302d1b1f3c014

  • SHA512

    254bfdb89b477cea6f3edb5c1635b4bf5992a64abc1454627da26420a4dff26f61c7397ab8dfbfa002d4f53e0b07956f0319176bcc26d7eafa0e4ea6c31e0f69

  • SSDEEP

    393216:xa8RFy/nyLknMNJsywsseZIX2MURx3cor8:xBRFYnaBwvemGRvXr8

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://snailyeductyi.sbs

https://ferrycheatyk.sbs

https://deepymouthi.sbs

https://wrigglesight.sbs

https://captaitwik.sbs

https://sidercotay.sbs

https://heroicmint.sbs

https://monstourtu.sbs
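The extracted config above is the most actionable part of the report: eight C2 domains and a fixed set of file hashes. As an added example (not part of the original report or of the sandbox's tooling), the Python below turns that config into Suricata rules for DNS queries and TLS SNI, hunts a constructed Zeek-style dns.log for those domains with proper label-boundary matching, and normalises a hash from any source before comparing it to the page's values. The SID range, the log layout, and the sample log lines are assumptions made for the example.

```python
import re

# C2 domains from the extracted Lumma config on this page.
LUMMA_C2 = [
    "snailyeductyi.sbs",
    "ferrycheatyk.sbs",
    "deepymouthi.sbs",
    "wrigglesight.sbs",
    "captaitwik.sbs",
    "sidercotay.sbs",
    "heroicmint.sbs",
    "monstourtu.sbs",
]

# File hashes from the page (hex, lowercase).
SAMPLE_HASHES = {
    "md5": "b736da6a81e01bebfdd469d26785e13c",
    "sha1": "e82d651e62747674fd6c8bfeb2ebdb569f572c9f",
    "sha256": "4b93cf26d6e6c52e332e084f0940c5e687a91b08e66ee822aae302d1b1f3c014",
}


def suricata_rules(domains, base_sid=9000000):
    """Emit one dns.query and one tls.sni rule per C2 domain.

    The dotprefix transform prepends '.' to the buffer so that
    content:".sidercotay.sbs"; endswith; matches the domain itself and any
    subdomain, but not a lookalike such as notsidercotay.sbs.
    base_sid is an assumption: use a SID range reserved for local rules.
    """
    rules = []
    sid = base_sid
    for d in domains:
        rules.append(
            f'alert dns any any -> any any (msg:"Lumma C2 DNS query {d}"; '
            f'dns.query; dotprefix; content:".{d}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
        sid += 1
        rules.append(
            f'alert tls any any -> any any (msg:"Lumma C2 TLS SNI {d}"; '
            f'tls.sni; dotprefix; content:".{d}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
        sid += 1
    return rules


def is_c2_host(hostname, domains=LUMMA_C2):
    """True if hostname equals a C2 domain or is a subdomain of one.
    Case-insensitive; tolerates a trailing dot from DNS logs."""
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in domains)


# Constructed sample in a Zeek dns.log-like layout (ts, id.orig_h, query),
# tab separated. These lines are made up for the example.
SAMPLE_DNS_LOG = """\
1730330001.123\t10.0.0.15\twww.example.com
1730330002.456\t10.0.0.15\tsnailyeductyi.sbs
1730330003.789\t10.0.0.22\tapi.deepymouthi.sbs.
1730330004.000\t10.0.0.22\tnotsidercotay.sbs
"""


def hunt_dns_log(text, domains=LUMMA_C2):
    """Return (source_ip, normalised_query) for every query hitting a C2 domain."""
    hits = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, query = line.split("\t")[:3]
        if is_c2_host(query, domains):
            hits.append((src, query.rstrip(".").lower()))
    return hits


def hash_verdict(hexdigest):
    """Classify a hex digest by length and compare it with the page's hashes.
    Returns (algorithm, matched) or None if the input is not a usable digest."""
    h = hexdigest.strip().lower()
    algo = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(h))
    if algo is None or not re.fullmatch(r"[0-9a-f]+", h):
        return None
    return algo, SAMPLE_HASHES[algo] == h


if __name__ == "__main__":
    print("\n".join(suricata_rules(LUMMA_C2)))
    print(hunt_dns_log(SAMPLE_DNS_LOG))
```

Note the difference between the rule and the hunting function: both enforce a label boundary, so `notsidercotay.sbs` is not flagged, while `api.deepymouthi.sbs` is. If you drop `dotprefix` and match on the bare domain with `endswith`, lookalike domains will start firing the rule.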

Targets

    • Target

      4b93cf26d6e6c52e332e084f0940c5e687a91b08e66ee822aae302d1b1f3c014

    • Size

      13.1MB

    • MD5

      b736da6a81e01bebfdd469d26785e13c

    • SHA1

      e82d651e62747674fd6c8bfeb2ebdb569f572c9f

    • SHA256

      4b93cf26d6e6c52e332e084f0940c5e687a91b08e66ee822aae302d1b1f3c014

    • SHA512

      254bfdb89b477cea6f3edb5c1635b4bf5992a64abc1454627da26420a4dff26f61c7397ab8dfbfa002d4f53e0b07956f0319176bcc26d7eafa0e4ea6c31e0f69

    • SSDEEP

      393216:xa8RFy/nyLknMNJsywsseZIX2MURx3cor8:xBRFYnaBwvemGRvXr8

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma (also written LummaC) is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
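The three behavioural signatures above (registry lookup of the configured country, execution of a dropped EXE, and SetThreadContext) are individually weak but together describe a common stealer loader pattern: geofence, drop a second stage, then start it suspended and overwrite it. As an added example, not part of the original report and not Triage's signature engine, the Python below applies the same logic to a constructed API-call trace. The JSON-lines trace format, the drop directories, and the sample events are assumptions; the registry path `Control Panel\International\Geo` is the location commonly used for the configured country (GeoID) and is assumed here to be what the "computer location settings" signature looks at.

```python
import json

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit
GEO_KEY_FRAGMENT = "control panel\\international\\geo"
# Assumed typical drop locations for a second stage (example only).
DROPPED_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\")

# Constructed trace in an assumed JSON-lines shape: one API call per line.
SAMPLE_TRACE = "\n".join(json.dumps(e) for e in [
    {"pid": 1200, "api": "RegOpenKeyExW",
     "args": {"key": "HKCU\\Control Panel\\International\\Geo"}},
    {"pid": 1200, "api": "RegQueryValueExW",
     "args": {"key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"}},
    {"pid": 1200, "api": "CreateProcessW",
     "args": {"image": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
              "flags": 4, "new_pid": 1348}},
    {"pid": 1200, "api": "WriteProcessMemory", "args": {"target_pid": 1348}},
    {"pid": 1200, "api": "SetThreadContext", "args": {"target_pid": 1348}},
    {"pid": 1200, "api": "ResumeThread", "args": {"target_pid": 1348}},
    {"pid": 1348, "api": "InternetOpenW", "args": {}},
])


def parse_trace(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def geofence_checks(events):
    """Registry operations touching the configured-country key."""
    hits = []
    for e in events:
        args = e.get("args", {})
        if GEO_KEY_FRAGMENT in args.get("key", "").lower():
            hits.append((e["pid"], e["api"], args.get("value")))
    return hits


def dropped_exe_executions(events):
    """CreateProcess calls whose image lives in a typical drop directory."""
    hits = []
    for e in events:
        if e["api"].startswith("CreateProcess"):
            image = e.get("args", {}).get("image", "")
            low = image.lower()
            if low.endswith(".exe") and any(d in low for d in DROPPED_DIRS):
                hits.append((e["pid"], image))
    return hits


def hollowing_candidates(events):
    """Flag CreateProcess(CREATE_SUSPENDED) -> memory write -> SetThreadContext
    -> ResumeThread issued by the same parent against the same child, in order.
    A SetThreadContext on its own is not enough; the full chain is required."""
    write_apis = {"WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"}
    pending = {}  # (parent_pid, child_pid) -> {"image": str, "stage": int}
    found = []
    for e in events:
        args = e.get("args", {})
        if e["api"].startswith("CreateProcess") and args.get("flags", 0) & CREATE_SUSPENDED:
            pending[(e["pid"], args.get("new_pid"))] = {"image": args.get("image"), "stage": 0}
            continue
        state = pending.get((e["pid"], args.get("target_pid")))
        if state is None:
            continue
        if state["stage"] == 0 and e["api"] in write_apis:
            state["stage"] = 1
        elif state["stage"] == 1 and e["api"] == "SetThreadContext":
            state["stage"] = 2
        elif state["stage"] == 2 and e["api"] == "ResumeThread":
            found.append({"parent": e["pid"], "child": args["target_pid"], "image": state["image"]})
            del pending[(e["pid"], args["target_pid"])]
    return found


def triage(text):
    ev = parse_trace(text)
    return {
        "geofence": geofence_checks(ev),
        "dropped_exe": dropped_exe_executions(ev),
        "hollowing": hollowing_candidates(ev),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_TRACE), indent=2))
```

The ordering requirement in `hollowing_candidates` is the point: debuggers and some legitimate loaders also call SetThreadContext, so an alert keyed on the lone API name produces noise, whereas a suspended child that is written to, re-pointed, and then resumed by its parent is a much stronger signal.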

MITRE ATT&CK Enterprise v15

Tasks