General
-
Target
Xeno.zip
-
Size
2.8MB
-
Sample
241230-n1ffwavndr
-
MD5
7c7e0183eb55a7234790e0baa3f714e3
-
SHA1
447d9686ae2f9f1de431a86a75b502d6c07aa16b
-
SHA256
62b868f24586ad772a667fc91205743db397c665a3e2b094aba9e56fef15276c
-
SHA512
44234b05775839308da8a993700370b54ee2e3d80347f44620a4841db151eb9f50d059d9a1ff5077ec45c5a00c3da9497ea76787ec6def2738e6b9f7eeb5d322
-
SSDEEP
49152:nfEkBcsjT/TcQvOVnFjfy/AMWQ1XyGZGhLPJhJkwNmRTsfVw+Ykf24/LIzKlbTOf:hBcsjfFvWFTyZXhfGpJhJ3A5egkf2UkZ
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
https://fancywaxxers.shop/api
Extracted
lumma
https://fancywaxxers.shop/api
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://tirepublicerj.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
Targets
-
-
Target
Xeno.exe
-
Size
687KB
-
MD5
7ec34df0a7309de040f3d8377c8b9624
-
SHA1
6d94948fcd2473ecc1cc9566f7bbf0904dcfdd17
-
SHA256
5b22523ae17968cddb6c6c0c580beec2c79d17e7f263370fb09a8970faee1176
-
SHA512
dbafd9e62c18962f4e4b2e2ac2d3551327f30dac3f23653dfd4e548025d694a02c3ee4b752ffb76ebf4110e06647e7a4506b3307778db6f4d676d797981c9524
-
SSDEEP
12288:ywTw2cEBlpO0c4WrkJ724yJFJ+lLYg61IOP7tCZwD0diL84AKMFT+23cePtf930l:Pw2cEBlpOkh524yJFAlLGIOzsW0kL8b3
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-