General
- Target: dl.zip
- Size: 15.3MB
- Sample: 250104-ycybwstngx
- MD5: 942c6d5e52a4856912a9c704520e5547
- SHA1: e52c6ac3d1d1cae6e8ee78f4d4e683f1fc58029d
- SHA256: 70e0aff206cd0d3e9cc47f93a034db6489a728641b247d1a299f02bb90bd0455
- SHA512: f9291aecc61735a90377fbe208c846cde1e8e22b0886928dc25862378b9f2688f8b93a0445624fa3689883d61da1ff812ab96650dfe6731b8918d8006ea83de5
- SSDEEP: 393216:G/w0EYYnKMidc6VeATccR+IpyZSSlA2hTlsL+f:VrdJ+cQulIponhR1
Static task: static1
Behavioral task: behavioral1
Sample: download_offline_rar.exe
Resource: win7-20241010-en
Malware Config
Extracted: lumma
Targets
- Target: download_offline_rar.exe
- Size: 923.2MB
- MD5: bd30e5e7fc8e57f276b6eccceee86dd5
- SHA1: 5237df5a4f8e5192c7f09ca9136ab222e8dd0a91
- SHA256: 48bcebf2bffcdff630d356a510c5464727f19e57382b0a9f31c9f8495aa2c7f7
- SHA512: f8db25e7d81ca3f264326f5863bd76d5c4c5f1a037020a17630ff18eab2d969725db7e66f10d43dbe6a4f9669de37ce762796f702b7408e52bd76a7fabeac09b
- SSDEEP: 393216:qtCShZKJAIfTDu86cBPplurCQeI2EkzDnabtCB4LlV9acZ0D5A0tPTD:OECILXmOSzGd
- Lumma family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist