General

  • Target

    TiagoExecutor.exe

  • Size

    554KB

  • Sample

    241126-kehgkatjaz

  • MD5

    613df599866679f7f19d12ff86220db8

  • SHA1

    33a2f464888fd8aedd2c4cd8f79e9e43321d8465

  • SHA256

    65f8e0e219637833386b6cfe27bd2f8446a214f02149628c63dd0329501e17e6

  • SHA512

    4091dc9ce75e7ff9a1131aa200e30ca293a8619a616bce17a4f5fa6e79602848efd422be64be7af8aff3c99f75536d2ea45dbcf1d7afb0a7998a0526bf76ce13

  • SSDEEP

    12288:2Nqf82rBbd4Qlj68ZEpv/7B+WIOzys7AsMC6WReVDTKwWZwfwsBAlny7Jc23OBuB:2s82ZWQx6AKsWL

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://pedestriankodwu.xyz/api

https://towerxxuytwi.xyz/api

https://ellaboratepwsz.xyz/api

https://penetratedpoopp.xyz/api

https://swellfrrgwwos.xyz/api

https://contintnetksows.shop/api

https://foodypannyjsud.shop/api

https://potterryisiw.shop/api

https://extorteauhhwigw.shop/api

Targets

    • Target

      TiagoExecutor.exe

    • Size

      554KB

    • MD5

      613df599866679f7f19d12ff86220db8

    • SHA1

      33a2f464888fd8aedd2c4cd8f79e9e43321d8465

    • SHA256

      65f8e0e219637833386b6cfe27bd2f8446a214f02149628c63dd0329501e17e6

    • SHA512

      4091dc9ce75e7ff9a1131aa200e30ca293a8619a616bce17a4f5fa6e79602848efd422be64be7af8aff3c99f75536d2ea45dbcf1d7afb0a7998a0526bf76ce13

    • SSDEEP

      12288:2Nqf82rBbd4Qlj68ZEpv/7B+WIOzys7AsMC6WReVDTKwWZwfwsBAlny7Jc23OBuB:2s82ZWQx6AKsWL

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks