General
- Target: Promo Sony 2024 for Partners.zip
- Size: 63.4MB
- Sample: 241126-tqgtvaymcw
- MD5: 39953e1dae82b5be38e63aa2904fe8d8
- SHA1: 7ec87e6a7d1f5da118a62d63059edda96817afce
- SHA256: 5e8aadb6dbbcf2139bb708c5d10e09a02d2e395c149e31c5198fc6d7e204983c
- SHA512: 1e02ecb400bb1a9ab07f530fbeeba091cf67d2eca8343cc16e53e6e148f2fc5c3f356dae7029e2d3e291a5dbfce2aa49b48b6d7d2625076ea0b7af1d462ec902
- SSDEEP: 1572864:exexjAHwDisWjDB+3n9NIQjKKITR/b03g9:Iexjkw63B+39NpjAhAw9
Static task: static1

Malware Config
Extracted (lumma):
https://p3ar11fter.sbs
https://3xp3cts1aim.sbs
https://owner-vacat10n.sbs
https://peepburry828.sbs
https://p10tgrace.sbs
https://befall-sm0ker.sbs
https://librari-night.sbs
https://processhol.sbs
https://pear-meat.cyou
Extracted (lumma):
https://pear-meat.cyou/api
Targets
- Target: (Protected Document) Sony 2024. Integration Pricing.docx.exe
- Size: 8.2MB
- MD5: aee0ce66aced945ef94a1d8adf8732ca
- SHA1: 013b7fa9204f35049b8502b55c5030f07133add5
- SHA256: 12cce70bc9223da41e808348799ff100a0ef144bdef5bda5d06504d815aa9665
- SHA512: e3649f525d25809cd36f498952ead9d4ff965acf2cc77168bb9f1dc91f8dfd1ebf560c61d91aeac17687f196ff5ec711cddaf019c9bf1c7d595708037bbcdcd4
- SSDEEP: 196608:oYe6WYQXNfe6ADY354vbNNS10J1os6dX48ViId256:oD7YQXNvAkmbvaS1SBViG26
- Lumma family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Discovery (technique: number of matching behaviours)
- Peripheral Device Discovery: 1
- Process Discovery: 1
- Query Registry: 3
- Remote System Discovery: 1
- System Information Discovery: 4
- System Location Discovery: 1
- System Language Discovery: 1
- System Network Configuration Discovery: 1
- Internet Connection Discovery: 1