General

  • Target: 09ae240ffbdeee491ed906b3f5515f7a16cb574d06b33763295263245dc45998
  • Size: 1.1MB
  • Sample: 250111-ydrkqszkhr
  • MD5: 921fb0f8351be8ca638d8534787c612c
  • SHA1: 8ed9fd81e7b7541895791a831d0cd1bada6e9262
  • SHA256: 09ae240ffbdeee491ed906b3f5515f7a16cb574d06b33763295263245dc45998
  • SHA512: 1ba964990065019327a4fc4af915a4810c682e52c86aeb0c1c02034542446fbe2580191e5dd348e3aa378315f3be7b260dea4db3b98e38dae6fdb231353b8ccc
  • SSDEEP: 24576:gDtJL12mpM/VYs3hcPuXkUoiU47IBRFX09Q3VJbhvDG83oHXjnL/:/qa3h2u/pIBDlD7x4HXjnL/

Score: 10/10

Malware Config

Extracted

Family

lumma

C2

Targets

    • Lumma Stealer, LummaC

      Lumma (also written LummaC) is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks