General
-
Target
nokeyfunction.zip
-
Size
13.6MB
-
Sample
250103-p4qlpaxpdk
-
MD5
12d89813d1e437acf514f838d480bf5d
-
SHA1
c0b879c8e25541a6706464c054df0fe72f67afee
-
SHA256
2ac6fbd8a00c52b7b8a6c761584e838d94a29dfd2f846ebbb435ce8dddc61f74
-
SHA512
cceb5ea5050c2bfd8e1f49a1f2f047b94828786552bf0bc3d073fdcc792f9819327e57902f43c54c42c92e840c880f24511aa6d72a42c6e1c6b44c2ac19080f9
-
SSDEEP
196608:PHudXWVQ26vYkc+7/CNc2xXcKZZQPt1nmlb/Ue3EdtvV7NebhmQIKzGXnS7U+H6:/ee6wkH7/CzNcVVRI3EdrNe3IAqSa
Malware Config
Extracted
lumma
https://cloudewahsj.shop/api
https://rabidcowse.shop/api
https://noisycuttej.shop/api
https://tirepublicerj.shop/api
https://framekgirus.shop/api
https://wholersorie.shop/api
https://abruptyopsn.shop/api
https://nearycrepso.shop/api
Extracted
lumma
https://abruptyopsn.shop/api
https://wholersorie.shop/api
https://framekgirus.shop/api
https://tirepublicerj.shop/api
https://noisycuttej.shop/api
https://rabidcowse.shop/api
https://cloudewahsj.shop/api
Targets
-
-
Target
nokeyfunction/nokeyfunction.exe
-
Size
503KB
-
MD5
055e6e64822e475ed15e37ddf39efbcc
-
SHA1
4c3b335d0742bb80df97fa4dc046e514c944db2e
-
SHA256
3f623e6a0c9ed4716e2f73cdb1e2079619c00b29e3930b5937882f3c6c6e1273
-
SHA512
7fd76cd302e895d908f238224e95b261331ee0274b4f70004162c85405b59be17445ea37794a46631d2c8ed3ffe51098ebc65796bdf19d8e7573987bbf13d56b
-
SSDEEP
12288:vztE0u86qlmk/xZ3/B+KI5sl+AAd6v0tXQJ:vO0uYlmsnPB+A+AKuUgJ
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Suspicious use of SetThreadContext
-