General

  • Target

    download.bin.exe

  • Size

    1.1MB

  • Sample

    250103-1xre7aykcm

  • MD5

    47bd83617560c80c7e805b546ea2a258

  • SHA1

    09daba42fcaba0481d72e26a201d4eb442a842b9

  • SHA256

    ec8cd0b52b6d8839d69c9ceb691cd5a92d183394b749c5ba354d31e124cc4557

  • SHA512

    1d916bb6927680a1b65c414a075caf2302a5375cad9a5d5be941a56c85a1f5996435a6dbdce8614964edd325b4530a926e506a043ebe5e8f942efd152a0f25b3

  • SSDEEP

    24576:vBg/P8B5+B25I3e3LxT3huxT5TXyV7Jir8XLLAO+:vBS0425IO1xu15ToEobL2

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

    • Target

      download.bin.exe

    • Size

      1.1MB

    • MD5

      47bd83617560c80c7e805b546ea2a258

    • SHA1

      09daba42fcaba0481d72e26a201d4eb442a842b9

    • SHA256

      ec8cd0b52b6d8839d69c9ceb691cd5a92d183394b749c5ba354d31e124cc4557

    • SHA512

      1d916bb6927680a1b65c414a075caf2302a5375cad9a5d5be941a56c85a1f5996435a6dbdce8614964edd325b4530a926e506a043ebe5e8f942efd152a0f25b3

    • SSDEEP

      24576:vBg/P8B5+B25I3e3LxT3huxT5TXyV7Jir8XLLAO+:vBS0425IO1xu15ToEobL2

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
