General

  • Target

    Collapse.exe

  • Size

    357KB

  • Sample

    250106-nhpa3avndz

  • MD5

    6fd28ba66676ec24c20f7a1a02aca6a5

  • SHA1

    32ab78c8d3b4cc45aeb34fff6e2e50b997b1e646

  • SHA256

    9a633fefd34e2ef705e2e28717cbf536427289c4fbceb6685e2f4174d6335023

  • SHA512

    7bcd1fb02dcbc3eab541d1c30bea4f04a6804c5a845daff3e80f85f433337312c5935912130b9b392f816244baf6aee84c31198e496a550586cd8b98d35e4281

  • SSDEEP

    6144:M9UgE9lgn7jVf+8aIpgRxLKUPSYjQkceSHmhhgWRDdSVh8VusOQAFKsM8Noc/Ft:E0lg7j55mf2Y+0/RDdSVGBOVoc/H

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Targets

    • Target

      Collapse.exe

    • Size

      357KB

    • MD5

      6fd28ba66676ec24c20f7a1a02aca6a5

    • SHA1

      32ab78c8d3b4cc45aeb34fff6e2e50b997b1e646

    • SHA256

      9a633fefd34e2ef705e2e28717cbf536427289c4fbceb6685e2f4174d6335023

    • SHA512

      7bcd1fb02dcbc3eab541d1c30bea4f04a6804c5a845daff3e80f85f433337312c5935912130b9b392f816244baf6aee84c31198e496a550586cd8b98d35e4281

    • SSDEEP

      6144:M9UgE9lgn7jVf+8aIpgRxLKUPSYjQkceSHmhhgWRDdSVh8VusOQAFKsM8Noc/Ft:E0lg7j55mf2Y+0/RDdSVGBOVoc/H

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks