General

  • Target

    CFXBypass.exe

  • Size

    550KB

  • Sample

    241126-1gndla1law

  • MD5

    ee6be1648866b63fd7f860fa0114f368

  • SHA1

    42cab62fff29eb98851b33986b637514fc904f4b

  • SHA256

    e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511

  • SHA512

    d6492d3b3c1d94d6c87b77a9a248e8c46b889d2e23938ddb8a8e242caccb23e8cd1a1fbeffee6b140cf6fd3ea7e8da89190286a912032ce4a671257bd8e3e28a

  • SSDEEP

    12288:SQ5vTleU6iA6AiJ/uJxZjUXUxYcuORWETWOORGzbZr4QClJJRJAr6Ok:SQ5pexaALoXe4

Malware Config

Extracted

Family

lumma

C2

https://covvercilverow.shop/api

https://surroundeocw.shop/api

https://abortinoiwiam.shop/api

https://pumpkinkwquo.shop/api

https://priooozekw.shop/api

https://deallyharvenw.shop/api

https://defenddsouneuw.shop/api

https://racedsuitreow.shop/api

https://roaddrermncomplai.shop/api

Targets

    • Target

      CFXBypass.exe

    • Size

      550KB

    • MD5

      ee6be1648866b63fd7f860fa0114f368

    • SHA1

      42cab62fff29eb98851b33986b637514fc904f4b

    • SHA256

      e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511

    • SHA512

      d6492d3b3c1d94d6c87b77a9a248e8c46b889d2e23938ddb8a8e242caccb23e8cd1a1fbeffee6b140cf6fd3ea7e8da89190286a912032ce4a671257bd8e3e28a

    • SSDEEP

      12288:SQ5vTleU6iA6AiJ/uJxZjUXUxYcuORWETWOORGzbZr4QClJJRJAr6Ok:SQ5pexaALoXe4

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks