General
Target: PASS-1234.exe
Size: 337KB
Sample: 250110-s3jzas1lgm
MD5: 5753420eb18d247f18ec3c98866b0fc1
SHA1: 8d776076e990ee3ad51019cb00d40f05f78e3461
SHA256: e47fc0ff0ad4bbbae6d1700b0780e2d686cc1607d56400e085b0a2e986ebe2fd
SHA512: efbcb7c0a6e79b31b93be2fe2b791df5eecb9a388b92793047bc65bc10d35aa14f9a93889c9c8ef26aabaf80a933d44ec4154df0deef5632ae6737b5c7941868
SSDEEP: 6144:+VQ5mJV5y9pZm1yCQIEnNek2qZq8wC6NL3O8sYWR6T+aZ3zjr6:CQCo93Gy9nN5Zq8wNNLsX6b32
Static task: static1
Behavioral task: behavioral1
Sample: PASS-1234.exe
Resource: win7-20240903-en
Malware Config
Extracted
lumma
Targets
Target: PASS-1234.exe
Lumma family
Suspicious use of SetThreadContext