General
-
Target
8d66a49e42833b28fef52ebc9a3a68911eb400f9ceaca3450140e5730c5f0489.exe
-
Size
444KB
-
Sample
241127-dgzejatmds
-
MD5
3acae8e40aed53da28454395d75be878
-
SHA1
273834be36ad0df0e03303476f53febf60f593fe
-
SHA256
8d66a49e42833b28fef52ebc9a3a68911eb400f9ceaca3450140e5730c5f0489
-
SHA512
69e60cd34eee7b3c2cc3b7db2913f736873f4ebf3e1cbf457e7c749b79f528a94e652e94c3a70faf13725a1840db3c2e0b5bfe79a3a2b7171bff3a9019bd8e69
-
SSDEEP
12288:YeFpDFrrXILt+I2V75hGT29Ud9qtOzY3bkNe+gfg5uH6dBVCybrP/F4fhd3L0iWU:5HFrrXILt+I2V75hGT29Ud9qtOzYrkNg
Malware Config
Extracted
lumma
https://powerful-avoids.sbs
https://motion-treesz.sbs
https://disobey-curly.sbs
https://leg-sate-boat.sbs
https://story-tense-faz.sbs
https://blade-govern.sbs
https://occupy-blushi.sbs
https://frogs-severz.sbs
https://property-imper.sbs
Extracted
lumma
https://blade-govern.sbs/api
https://story-tense-faz.sbs/api
Targets
-
-
Target
8d66a49e42833b28fef52ebc9a3a68911eb400f9ceaca3450140e5730c5f0489.exe
-
Size
444KB
-
MD5
3acae8e40aed53da28454395d75be878
-
SHA1
273834be36ad0df0e03303476f53febf60f593fe
-
SHA256
8d66a49e42833b28fef52ebc9a3a68911eb400f9ceaca3450140e5730c5f0489
-
SHA512
69e60cd34eee7b3c2cc3b7db2913f736873f4ebf3e1cbf457e7c749b79f528a94e652e94c3a70faf13725a1840db3c2e0b5bfe79a3a2b7171bff3a9019bd8e69
-
SSDEEP
12288:YeFpDFrrXILt+I2V75hGT29Ud9qtOzY3bkNe+gfg5uH6dBVCybrP/F4fhd3L0iWU:5HFrrXILt+I2V75hGT29Ud9qtOzYrkNg
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Suspicious use of SetThreadContext
-