Overview

overview

10

Static

static

3

2025-01-13...uk.exe

windows7-x64

10

2025-01-13...uk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-13_4f96b4d0061d45b08d73e3526d82630f_cobalt-strike_ryuk

  • Size

    12.1MB

  • Sample

    250113-vd57ca1rfj

  • MD5

    4f96b4d0061d45b08d73e3526d82630f

  • SHA1

    15d6d2445d55db393adf30f0bf7f4b649c098257

  • SHA256

    30bc5b4729f0ae6ea5e1eb44654e739040f29941b5e6d2436b10ae93a98e5e6b

  • SHA512

    6b50eb6e642adb840497b95e0dd5248054752027c15627c2a6262a4e7497c78d1a7eb7b1936c7d8c6f94557b99fcb465e5514f707e04f5f7cc1efee69216a372

  • SSDEEP

    393216:R34OXjrnjnEEQWbPbqeQ2K3G/JXa42gqf:R4I/njtQOr50Sqf

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

Targets

    • Target

      2025-01-13_4f96b4d0061d45b08d73e3526d82630f_cobalt-strike_ryuk

    • Size

      12.1MB

    • MD5

      4f96b4d0061d45b08d73e3526d82630f

    • SHA1

      15d6d2445d55db393adf30f0bf7f4b649c098257

    • SHA256

      30bc5b4729f0ae6ea5e1eb44654e739040f29941b5e6d2436b10ae93a98e5e6b

    • SHA512

      6b50eb6e642adb840497b95e0dd5248054752027c15627c2a6262a4e7497c78d1a7eb7b1936c7d8c6f94557b99fcb465e5514f707e04f5f7cc1efee69216a372

    • SSDEEP

      393216:R34OXjrnjnEEQWbPbqeQ2K3G/JXa42gqf:R4I/njtQOr50Sqf

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks