Overview

overview

10

Static

static

3

2025-01-13...uk.exe

windows7-x64

10

2025-01-13...uk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-13_54c9491e0087766f83c6e67cbd568f2b_cobalt-strike_ryuk

  • Size

    15.6MB

  • Sample

    250113-vfcb2ssjbq

  • MD5

    54c9491e0087766f83c6e67cbd568f2b

  • SHA1

    f2e8823382c00a1c0ff3c44e727bbe7ba1a5eab4

  • SHA256

    80995c3d41b7ab5178e77baeea0fa6fde3429a439c553e4a00fc1eef763cc415

  • SHA512

    275bef6c614b4e88a5fd9a350987b74e5b8bb6c17b155baa5204b3479d258ac6e9abebe87d1ec82272f71262334dc11b77c160fa047416adbd97a69dd774e544

  • SSDEEP

    393216:k8oy3mBlO804aw9tFhJMyUw/SZSRghMsppopHe:kkneacbfUw/tRghMs/o

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

Targets

    • Target

      2025-01-13_54c9491e0087766f83c6e67cbd568f2b_cobalt-strike_ryuk

    • Size

      15.6MB

    • MD5

      54c9491e0087766f83c6e67cbd568f2b

    • SHA1

      f2e8823382c00a1c0ff3c44e727bbe7ba1a5eab4

    • SHA256

      80995c3d41b7ab5178e77baeea0fa6fde3429a439c553e4a00fc1eef763cc415

    • SHA512

      275bef6c614b4e88a5fd9a350987b74e5b8bb6c17b155baa5204b3479d258ac6e9abebe87d1ec82272f71262334dc11b77c160fa047416adbd97a69dd774e544

    • SSDEEP

      393216:k8oy3mBlO804aw9tFhJMyUw/SZSRghMsppopHe:kkneacbfUw/tRghMs/o

    Score
    10/10
    lummadiscoverystealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks