General

  • Target

    Nexol (2525).zip

  • Size

    496KB

  • Sample

    241030-zemtlsskcn

  • MD5

    d92832278ec85cfb863920cde5379070

  • SHA1

    5298455790d3a4e44ba7125dce5e6e71da6e10cc

  • SHA256

    e310151d025b28fe865f831805bd73f3520b0e51625e212b208376439d4c79ef

  • SHA512

    ecb6928010a56a57ab5759a8bedaf0d7e8051326b8bbb353771404e7a45155c511de5d362748e0c44e535af0006ab2b98d49403f7ef06b13677c1ea7f0a36339

  • SSDEEP

    12288:6QkF2wMdYv6o1nIKUZQdnbIWunPrDbGPS4wm4NMzN9Vgz:6IojnCZQmWunPrfr4zZ9+

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://goalyfeastz.site/api

https://contemteny.site/api

https://dilemmadu.site/api

https://authorisev.site/api

Targets

    • Target

      Nexol.exe

    • Size

      625KB

    • MD5

      2154ecc6389155fdb4c4d9b72defa384

    • SHA1

      13f053d3567e3663bc710dae51c55f616014ba4b

    • SHA256

      c3b26f097e1e8aeca0fe1b1f765f066e375126b5b8661a565250bfc5e1e8da4a

    • SHA512

      3b6cb51841be537d14186d119dca6d18921d4fa84c9348ae575d61cc763d599c78a1aa566720257b9f71f7d09e9415427908beff512aa7db032b1622e13ef653

    • SSDEEP

      12288:QsQpSam0VxFrrWstS7VNxNPACQgUKJ6X6BXqzGOFSKne/OYhR9SPMv:Q3pmgXrWoiNIhLe6OXqzWGe/lR9SPMv

    Score
    10/10

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks