General

  • Target

    cincinati.zip

  • Size

    982KB

  • Sample

    241119-marksatphv

  • MD5

    4b1eee4ab5a46f1215f7397a650e385f

  • SHA1

    93104208b9a3e25900e2c6489c398ec1ae07db56

  • SHA256

    3d36c412f3e9bd9983629b45cc34dc5ac1d48cec7232a3d8ace19ae1181f7649

  • SHA512

    c25c93642125540ac105932fe813243357df50d48cea289effa259a3e7cc2b272e3674c3119ae075412d214ca71b05d9e9414d0a6d50d033364bbf2258d07bb3

  • SSDEEP

    24576:toTUYr0y8REypuQNALZmH5H81Dn81bQ1Sy:t4USz8REyc3LZmZKn91V

Malware Config

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api
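The C2 list and file hashes above are the indicators a defender actually pulls out of this report. The block below is an added example (my code, not the sandbox's or the Lumma operators'): it embeds those indicators, identifies a file by hashing it, and scans constructed proxy/DNS log lines for traffic to the listed hosts or their subdomains. The log format, the hostnames in the sample lines other than the five C2 hosts, and the looser "POST to /api" hunt are all my assumptions and not from the page.

```python
"""Offline IOC matcher built from the extracted Lumma config above (added example).

Assumptions not taken from the report: the proxy/DNS log line format and the
benign/unlisted hosts in SAMPLE_LOG are constructed, and hunt_api_posts() is my
own generalisation (all five C2 URLs share the '/api' path), not a sandbox rule.
"""
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed in the extracted config
LUMMA_C2 = [
    "https://processhol.sbs/api",
    "https://p10tgrace.sbs/api",
    "https://peepburry828.sbs/api",
    "https://3xp3cts1aim.sbs/api",
    "https://p3ar11fter.sbs/api",
]

# File hashes as listed in the report (md5 / sha1 / sha256)
REPORT_HASHES = {
    "cincinati.zip": {
        "md5": "4b1eee4ab5a46f1215f7397a650e385f",
        "sha1": "93104208b9a3e25900e2c6489c398ec1ae07db56",
        "sha256": "3d36c412f3e9bd9983629b45cc34dc5ac1d48cec7232a3d8ace19ae1181f7649",
    },
    "RomanticCopyright.exe": {
        "md5": "a737e94c53a284ae8c712eb7b2a2d209",
        "sha1": "a5d4113415f38413b5bcc2698e4aaf573cf8217c",
        "sha256": "677b2f7ea578826adb9c0f359c6436c364f712803080b38d81ecc1f25e5b97f5",
    },
}

# Constructed log lines for demonstration only; not telemetry from the sandbox run.
SAMPLE_LOG = """\
2024-11-19T10:02:11Z 10.0.0.5 CONNECT processhol.sbs:443 200
2024-11-19T10:02:12Z 10.0.0.5 POST https://processhol.sbs/api 200
2024-11-19T10:02:13Z 10.0.0.5 GET https://www.example.com/ 200
2024-11-19T10:02:14Z 10.0.0.5 DNS A notprocesshol.sbs NXDOMAIN
2024-11-19T10:02:15Z 10.0.0.5 DNS A cdn.p3ar11fter.sbs NOERROR
2024-11-19T10:02:16Z 10.0.0.5 POST https://unlisted-host.sbs/api 200
"""

# Pull hostname-looking tokens out of a log line (needs at least one dot and an alphabetic TLD).
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)
# Hunting heuristic (assumption): any POST whose path is exactly /api.
API_POST_RE = re.compile(r"\bPOST\s+https?://([^/\s]+)/api\b", re.I)


def digests(data: bytes) -> dict:
    """md5/sha1/sha256 of the bytes, hex-encoded, keyed like REPORT_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def identify_sample(data: bytes):
    """Return the report target whose hashes all match the bytes, else None."""
    got = digests(data)
    for name, expected in REPORT_HASHES.items():
        if all(got[alg] == expected[alg] for alg in expected):
            return name
    return None


def c2_hosts(urls=LUMMA_C2) -> set:
    """Lower-cased hostnames from the config URLs."""
    return {urlparse(u).hostname.lower() for u in urls}


def host_matches(host: str, c2: set) -> bool:
    """Exact host or a subdomain of a C2 host; matched on a label boundary, not as a substring,
    so 'notprocesshol.sbs' does not match 'processhol.sbs'."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in c2)


def scan_log(text: str, c2: set = None) -> list:
    """Return [(line_no, matched_host)] for every line that talks to a known C2 host."""
    c2 = c2_hosts() if c2 is None else c2
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for host in HOST_RE.findall(line):
            if host_matches(host, c2):
                hits.append((n, host.lower()))
                break
    return hits


def hunt_api_posts(text: str) -> list:
    """Looser hunt (assumption, not a sandbox rule): POSTs to '/api' on any host,
    the path shape shared by all five C2 URLs. Returns [(line_no, host)] for analyst review."""
    return [(n, m.group(1).lower())
            for n, line in enumerate(text.splitlines(), 1)
            if (m := API_POST_RE.search(line))]


if __name__ == "__main__":
    print("C2 hits:", scan_log(SAMPLE_LOG))
    print("/api POST hunt:", hunt_api_posts(SAMPLE_LOG))
    print("empty file identified as:", identify_sample(b""))
```

The subdomain match is deliberate: a lookalike such as `notprocesshol.sbs` must not match, while `cdn.p3ar11fter.sbs` should. The `/api` hunt is lower confidence and produces leads, not alerts; treat the exact-host hits as the actionable ones.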

Targets

    • Target

      cincinati.zip

    • Size

      982KB

    • MD5

      4b1eee4ab5a46f1215f7397a650e385f

    • SHA1

      93104208b9a3e25900e2c6489c398ec1ae07db56

    • SHA256

      3d36c412f3e9bd9983629b45cc34dc5ac1d48cec7232a3d8ace19ae1181f7649

    • SHA512

      c25c93642125540ac105932fe813243357df50d48cea289effa259a3e7cc2b272e3674c3119ae075412d214ca71b05d9e9414d0a6d50d033364bbf2258d07bb3

    • SSDEEP

      24576:toTUYr0y8REypuQNALZmH5H81Dn81bQ1Sy:t4USz8REyc3LZmZKn91V

    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

    • Target

      RomanticCopyright.exe

    • Size

      10.0MB

    • MD5

      a737e94c53a284ae8c712eb7b2a2d209

    • SHA1

      a5d4113415f38413b5bcc2698e4aaf573cf8217c

    • SHA256

      677b2f7ea578826adb9c0f359c6436c364f712803080b38d81ecc1f25e5b97f5

    • SHA512

      ab87ef25549d4860269015d279aaf90a35bfd4c26457271a84cacf64c0a0c97d0e4c435136fb9defd2c64307d1bc1e9596ee278c868e101f6a2c657f87bd80b6

    • SSDEEP

      24576:AoN7JofAGrqyy7IyDCaNg9L+HlH8Zlna1bQ1SD:nBJ+AEty7IyOD9L+FUnv1I

    • Score

      10/10
    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist
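The behaviour signatures for RomanticCopyright.exe ("Executes dropped EXE", "Enumerates processes with tasklist") translate directly into an endpoint detection over process-creation telemetry. The block below is an added example (my code, not the sandbox's rules): it walks constructed Sysmon-style process events, flags executables running from user-writable paths, and flags `tasklist.exe` spawned by such a process. The event shape, paths, PIDs and the admin-at-a-prompt control case are all my assumptions; the page names no registry key for the country-code lookup, so that signature is not modelled here.

```python
"""Process-tree detection for the report's behaviour signatures (added example, not sandbox code).

Assumption not taken from the report: events are simplified process-creation
records in the shape of Sysmon Event ID 1 (pid, ppid, image, cmdline). The
EVENTS list is constructed for this example; PIDs and paths are invented.
"""
from pathlib import PureWindowsPath

# Constructed events: the archive is opened from explorer, the dropped EXE runs from
# a user-writable path and spawns tasklist; a separate admin cmd.exe also runs tasklist
# (benign control case that must not fire).
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\u\AppData\Local\Temp\cincinati\RomanticCopyright.exe",
     "cmdline": "RomanticCopyright.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\tasklist.exe",
     "cmdline": "tasklist /fo csv"},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe"},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\tasklist.exe",
     "cmdline": "tasklist"},
]

# Path components that mark a location a standard user can write to (assumption; tune per estate).
USER_WRITABLE_MARKERS = {"appdata", "temp", "tmp", "downloads", "public", "programdata"}


def basename(image: str) -> str:
    """Lower-cased file name of an image path."""
    return PureWindowsPath(image).name.lower()


def in_user_writable_path(image: str) -> bool:
    """True if any directory component of the path is a user-writable marker."""
    parts = {p.lower() for p in PureWindowsPath(image).parts}
    return bool(parts & USER_WRITABLE_MARKERS)


def detect_dropped_exe(events: list) -> list:
    """'Executes dropped EXE': PIDs of .exe images launched from a user-writable path."""
    return [e["pid"] for e in events
            if basename(e["image"]).endswith(".exe") and in_user_writable_path(e["image"])]


def detect_tasklist_from_dropped_exe(events: list) -> list:
    """'Enumerates processes with tasklist', scoped to reduce noise: only tasklist.exe whose
    parent itself runs from a user-writable path. Returns [(tasklist_pid, parent_image)]."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if basename(e["image"]) != "tasklist.exe":
            continue
        parent = by_pid.get(e["ppid"])
        if parent is not None and in_user_writable_path(parent["image"]):
            findings.append((e["pid"], parent["image"]))
    return findings


def ancestry(events: list, pid: int) -> list:
    """Image basenames from pid up to the root, for the triage write-up."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain


if __name__ == "__main__":
    print("dropped EXEs:", detect_dropped_exe(EVENTS))
    for tl_pid, parent in detect_tasklist_from_dropped_exe(EVENTS):
        print(f"tasklist pid {tl_pid} spawned by {parent}")
        print("  chain:", " <- ".join(ancestry(EVENTS, tl_pid)))
```

Scoping the `tasklist` rule to a parent in a user-writable path is what keeps the admin's `cmd.exe -> tasklist` out of the results; an unscoped "any tasklist.exe" rule would page on every help-desk session.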

MITRE ATT&CK Enterprise v15

Tasks