General
-
Target
Nexol.zip
-
Size
755KB
-
Sample
241229-zst5vaxkhv
-
MD5
297e4b6246a2e567b532b2cb7968ed22
-
SHA1
555e91243a5c93d7431f45978342642218bd3457
-
SHA256
3554a30a4cecc902fc2d17768b88291a27f8edf0a5d725147519c967d92a1aa7
-
SHA512
e78eaf6621360a692b6edbaa7f8e88f1d3d2ddb9f3c15290e2f1946ddde3501918b813d7b996a7d32075a031db6798a63c5facdad815f5cc228d25bb8e2ee4e9
-
SSDEEP
12288:gg1Ll2IAj37g9UaFUcm1dz1HZ+orQuAvBP5By00261ddJHZCoL8uAlhtlBXM:DJo7guh1dz18oUZvB7yf1ddJMowZljnc
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
Extracted
lumma
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://tirepublicerj.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
Targets
-
-
Target
Nexol.exe
-
Size
903KB
-
MD5
fb62d4c3e017cc56a89bb2b8c04017d2
-
SHA1
afa4971a75da20a17ab67211ffb091d19d098773
-
SHA256
12b0f706dd873ba934194045fd869f8f5b0a24af06e78e203e12536e303d1de2
-
SHA512
285c0073a03d75e12a30577dfbd51080cd9e43419b6afe9b96c0c5049bf1cf79d6677463515b3b6ffdaa1e8409c448a28b6f0cd1b73aa09400fc94717aa89e4d
-
SSDEEP
24576:OGEZcUhkBQa1dzvMoyZlj7ur1dzvMoyZlj7u+:OG0cUhkqC5vMb37uB5vMb37u+
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Suspicious use of SetThreadContext
-