General

  • Target

    N.zip

  • Size

    332KB

  • Sample

    250106-1ttfdazjcz

  • MD5

    d38e1625ff4544cf0e07b33de9b9e950

  • SHA1

    c882caaa6e2a961a214c6b4f8c4ea2253722ca8d

  • SHA256

    6d3cddd9eb85537d7738194faeb6677d786d34433bb4e4090faf4bebbf975232

  • SHA512

    b34979d8cb7011833de8b9e828411ae09a7ac917f8ceca8ecf095fa999004ae2b955b351958e1e7d6d2c1435fe53d4e73d6f7a8f418988ad8b499527c5e25337

  • SSDEEP

    6144:L1u6kDHADVXGPbchIphKenbVJ4r9b/+3F42GuNudmlBypm0ZWRbfYP:4Ws4hI7Kvrp/yGiucShWMP

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Targets

    • Target

      Nexol.exe

    • Size

      350KB

    • MD5

      3b74f9fa57267f104cad29ae462c591a

    • SHA1

      468d086a35fad0dfbe5ced669a559581f100c087

    • SHA256

      440eb5deff4296eebe9809934b459070125736a3cfb59f989642f7bd15a3ed67

    • SHA512

      dd2eb4e843918d520ff81fb9dff4977fba84d71b05ae0418f11e87b441ba811940a2beea35925cf4b0ecc3be2d24e7e029a1d4ff44c782b53a60a77c9de10324

    • SSDEEP

      6144:CBx0zkVHADVXoPbchIpRKenbVF4r9b/E3FU2GuN6dmlBYpm0ZWRifY3:C/0jK4hIvKprp/aGi6ckhWX3

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks