General
-
Target
AquaPac (1337).zip
-
Size
1.0MB
-
Sample
250108-jqyggs1jhy
-
MD5
be1bfaf16e831c12b5f4627671f0e058
-
SHA1
58da2c367847c2f73d25bbea19d2636c597ab29d
-
SHA256
74fe35f356a74e085d35b10631f3a5f66e0d7ce06b40de955d3d25d305e40ca3
-
SHA512
91b9f83b313ac8260cc074941f7d819d5a87527ddb76f6eecd24fec07389671286d899bae8267b2ae062fe1eb158c5d957b1dd640eee855763c96e24d4e06989
-
SSDEEP
24576:lGK/Bk4y7dkodaTDe6K20vli9yZcZ/VYvA3Zj9DpiwSac1oP:J5Ua3TQ20tlcZdYvYt5P
Static task
static1
Malware Config
Extracted
lumma
Targets
-
-
Target
AquaPac.exe
-
Size
1.1MB
-
MD5
d8a8a72c0a91f968623129f7c301304c
-
SHA1
27612e6c7a665949f6777fb14c97955cb82a4655
-
SHA256
7182cdbd10477e805b21ba0c78b46dd133261b28f9c3a289687870b1c1a38bc0
-
SHA512
9da5ed8a8e9569f5423cb6968670f0f1fca39b940ca2e2266bfaaf020ac3b9e49f9e4a42da8e72d36aa04a58604c27f1888025f70d2cceb899057d9097dc499a
-
SSDEEP
24576:uQdnlsomZ0yh1z+e4GVQ46ueUjcXaRN72L7SAYXOFXJYd0yb7Tb7j:MomaL/GVBLyWAYgKd0I
-
Lumma family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Enumerates processes with tasklist
-