Overview

overview

10

Static

static

1

kongo.mp4.js

windows7-x64

8

kongo.mp4.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    kongo.mp4.js

  • Size

    102KB

  • Sample

    250108-xh85xa1ncq

  • MD5

    3c38beb47e908f44e723eeecc9263200

  • SHA1

    aa1a371919fe804ab727bb65c1a7bb96224014a9

  • SHA256

    9f31852148ac6004937ef640870d442afaa1a1064aa2cf540ec0db4827c8aee3

  • SHA512

    46608dec2ca73d340fcefac08c74ed20a5395378777431d6a911b4192765946c09f8aa54485496341f12c9451f068a81e63c05197e4c83f51a32da98ef5967b4

  • SSDEEP

    3072:uRKoa6RMqYPXIJOjW47hnrX2D45IbhmwOho2Big:uRFYPYU97hnrGD3mwOu2BN

Score
10/10
lummadiscoveryexecutionstealer

Malware Config

Extracted

Family

lumma

C2

https://charminammoc.cyou/api

Targets

    • Target

      kongo.mp4.js

    • Size

      102KB

    • MD5

      3c38beb47e908f44e723eeecc9263200

    • SHA1

      aa1a371919fe804ab727bb65c1a7bb96224014a9

    • SHA256

      9f31852148ac6004937ef640870d442afaa1a1064aa2cf540ec0db4827c8aee3

    • SHA512

      46608dec2ca73d340fcefac08c74ed20a5395378777431d6a911b4192765946c09f8aa54485496341f12c9451f068a81e63c05197e4c83f51a32da98ef5967b4

    • SSDEEP

      3072:uRKoa6RMqYPXIJOjW47hnrX2D45IbhmwOho2Big:uRFYPYU97hnrGD3mwOu2BN

    Score
    10/10
    discoveryexecutionlummastealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks