General

  • Target

    Setup.exe

  • Size

    70.3MB

  • Sample

    241123-m99weazmep

  • MD5

    9f255c59cb7291f7170e4418a649bd8e

  • SHA1

    61ff59f20f18bd99847def7b88b3f8350d778de3

  • SHA256

    22fbcd9bba70fe43ccd1f1ca55b79c1d74238b7a3cacbffad165fc07e70d832b

  • SHA512

    07caf2a927878e94ecc89fd62fe5f565ee5d30d70d3080ad72f861dc3ca9cc60c3b885bcf90dae83e81866e3cca66a57468fac246ab676830d59143e2baf17af

  • SSDEEP

    196608:FBRF28rm4cOYfGvAA7a94pHL9VvJYQ7AuvHGRoc7hwd0fkBST3C9Og:FBRE8tYevn29cLf7J

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://mysticriver.shop/api

Targets

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
