General
Target: hoodz.zip
Size: 623KB
Sample: 250106-gbs74szncr
MD5: cdaf900259ce52736b6ee2523d303e64
SHA1: 8309cc24e5301782c70272e6f7329d2a7f01d6ec
SHA256: 573847fef714d09a4420695c37d25a28f151cf27200ea5384baacb5c4231f9e6
SHA512: e9d0eb783bea00eb693019fe478b99fc19a74eeb37471fe38d896379003df264209f82c74cb9956e77ab89df885598a2e03f6e828fdffc704faa5db7850037c5
SSDEEP: 12288:nz4D2d42rDxI0Np89ZMF3FGvaErEIRjGzA0CNiCT7KLW0e/oEb8lLiZf:nVdRVI0NpPkvaKEIRjGS1PCW0AoE+LWf
Static task: static1
Behavioral task: behavioral1
Sample: hoodz/hoodz logger.exe
Resource: win7-20240903-en
Malware Config
Extracted
lumma
Targets
Target: hoodz/hoodz logger.exe
Size: 743KB
MD5: 7177b0ba961ddd258ee9672d436d6b63
SHA1: cdb7aef7f7a05430d323c00d43fe98af4680fa28
SHA256: 1abcde09d85b8ff8788f23afaf33674557563273df5961719bc65216aa3a1a95
SHA512: df1b07f5d4ff53afc4547fb371af1393bafce2eec0cc96ab0ceeaeb4500a3e771f4d1b9c7936b86f38241abfdfb53c9cf2fff22d3a0e7006015f50c165c59078
SSDEEP: 12288:RoA2sfoKrzzpKnToLX5y8anwFgBGOXtoTmDr1aVupsZTDfCc71FT/mI69puLam6q:n2sg0z2ToE8+Q8tpDr10fCETZ6
Lumma family
Loads dropped DLL
Suspicious use of SetThreadContext