General

  • Target

    Nexol.zip

  • Size

    363KB

  • Sample

    250109-act3ga1rdr

  • MD5

    a3191414fe7f2113b05ce279ed66ac93

  • SHA1

    6723409a245ddcfd12bd52164809aee52a046e2f

  • SHA256

    7068348e72d1c5fc809cbe89f2be6a51459e8861c99dff71b18dbc7cde35c2ee

  • SHA512

    4ed196bc80aa51c325d98a7e3c926e4dc2e5abe834994f75efe78f3fda6d6b46822d19ffd1fb24233ec2f4c5e560e8dc2d68188fa7e70869ed9646ee5045e1ce

  • SSDEEP

    6144:s6Bl+AZSVH2eCMRdbwY/6U93uZEqRZyQmj3khxPb61yV4MW8guHOmvOX7LRiTNE:1XBCnVRdsYP1uZOAbW84kguHLORia

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

Targets

    • Target

      Nexol.exe

    • Size

      400KB

    • MD5

      452a78e8f8426755df51232f79625d03

    • SHA1

      77ef222547c42d9c022f39e1ba1ef14295e2fd71

    • SHA256

      6260e990f752752a447c4fa2d65de92c6c793a9b725c55794c9e03270c143b47

    • SHA512

      546432493e592a86c3b05dd9ad2c0a9fb0d46f2523d3b9f36a8cb14a972a05ac6bc1686ca08bac987642c9b864df7f0772f7536738ab459dd2ef1d54106982e0

    • SSDEEP

      6144:80bS4ZyK0FboqEMJYYPN/6Ur3uZEqRryQml3khxPZ61yV4MWYguHOsvOX5LR4T6s:80b9ATBNPLuZUiZW84QguHjeRgP

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma, also known as LummaC, is an infostealer written in C++ and first seen in August 2022.

    • Lumma family

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of SetThreadContext
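The indicators above are only useful once they are checked against something. As an added example (not part of the sandbox report), the Python below takes the eight C2 URLs and the two SHA256 hashes from this report, reduces the URLs to hostnames (the report shows only the `/api` endpoint from the extracted config, so matching the full URL would miss a different path or a bare DNS lookup of the same domain) and scans proxy and EDR log lines for hits, including subdomains of the C2 domains. The log lines and their layout are constructed for the example; the assumption that the second whitespace-separated field is the endpoint name belongs to that constructed format, not to any real product.

```python
"""IOC matcher for the Lumma report above.

Added example, not part of the sandbox report. The C2 domains and SHA256
hashes are copied from the report; every log line below is constructed.
"""
import re
from urllib.parse import urlsplit

# Extracted C2 URLs from the report's "Malware Config" section.
C2_URLS = [
    "https://robinsharez.shop/api",
    "https://handscreamny.shop/api",
    "https://chipdonkeruz.shop/api",
    "https://versersleep.shop/api",
    "https://crowdwarek.shop/api",
    "https://apporholis.shop/api",
    "https://femalsabler.shop/api",
    "https://soundtappysk.shop/api",
]

# SHA256 of the archive and of the dropped executable, from the report.
SHA256_IOCS = {
    "7068348e72d1c5fc809cbe89f2be6a51459e8861c99dff71b18dbc7cde35c2ee": "Nexol.zip",
    "6260e990f752752a447c4fa2d65de92c6c793a9b725c55794c9e03270c143b47": "Nexol.exe",
}

# Candidate hostnames (works on bare DNS names, host:port and full URLs)
# and 64-hex-digit digests, wherever they appear in a log line.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)


def c2_hosts(urls=C2_URLS):
    """Reduce the config URLs to a set of lowercase hostnames."""
    return {urlsplit(u).hostname.lower() for u in urls}


def host_matches(host, ioc_hosts):
    """True if host is an IOC domain or a subdomain of one.

    Case and a trailing dot (as DNS logs often write it) are ignored, but
    an IOC domain embedded in a longer name (ioc.shop.example.com) is not a hit."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in ioc_hosts)


def scan_log(lines, ioc_hosts=None, hashes=SHA256_IOCS):
    """Return (line_number, indicator_type, value) for each hit, in log order."""
    ioc_hosts = c2_hosts() if ioc_hosts is None else ioc_hosts
    hits = []
    for n, line in enumerate(lines, 1):
        seen = set()  # report each indicator once per line
        for cand in DOMAIN_RE.findall(line):
            cand = cand.lower()
            if cand not in seen and host_matches(cand, ioc_hosts):
                seen.add(cand)
                hits.append((n, "c2_host", cand))
        for digest in SHA256_RE.findall(line):
            digest = digest.lower()
            if digest in hashes and digest not in seen:
                seen.add(digest)
                hits.append((n, "sha256", digest))
    return hits


def affected_endpoints(lines):
    """Endpoint names with at least one hit; assumes field 2 of the constructed
    log format is the endpoint name (an assumption of this example only)."""
    hit_lines = {n for n, _, _ in scan_log(lines)}
    return sorted({lines[n - 1].split()[1] for n in hit_lines})


# Constructed log lines: proxy records, then EDR process-creation records.
SAMPLE_LOG = [
    "2025-01-09T10:00:58Z ws01 10.0.0.5 CONNECT robinsharez.shop:443 - 200",
    "2025-01-09T10:00:59Z ws01 10.0.0.5 POST https://robinsharez.shop/api 200",
    "2025-01-09T10:01:03Z ws01 10.0.0.5 POST https://cdn.handscreamny.shop/api/v2 503",
    "2025-01-09T10:01:10Z ws02 10.0.0.6 GET https://www.example.com/index.html 200",
    "2025-01-09T10:00:55Z ws01 ProcessCreate image=C:\\Users\\u\\Downloads\\Nexol.exe "
    "sha256=6260e990f752752a447c4fa2d65de92c6c793a9b725c55794c9e03270c143b47",
    "2025-01-09T10:02:00Z ws02 ProcessCreate image=C:\\Windows\\notepad.exe "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print("endpoints to triage:", affected_endpoints(SAMPLE_LOG))
```

Domain hits carry the observed hostname rather than the configured URL, which is what a blocklist or a retrospective DNS search needs. The extracted C2 list is a point-in-time snapshot and these domains are typically replaced quickly, so pair the domain match with the file hashes and with the behavioural signals the report lists (the .NET Reactor packing and the SetThreadContext use) rather than relying on the domains alone.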

MITRE ATT&CK Enterprise v15

Tasks