
Resubmissions

15/01/2025, 00:35 UTC

250115-axmtwswqfm 10

15/01/2025, 00:20 UTC

250115-am2v3atqgz 10

General

  • Target

    final_boss.bin

  • Size

    1.2MB

  • Sample

    250115-am2v3atqgz

  • MD5

    926fd4235ade096c02b36b2ed6a53739

  • SHA1

    337424610694e00ebac66d36dd20e535c7a92164

  • SHA256

    25f3978a8bb28d7d978f5f861d639796e805230aca153ffa612dcc4d0a939edc

  • SHA512

    65c931dc59ff4ca8ffe069915874661f905c64835721ab877b38454bbdb2d6ddfce75bd1bf905e9f72d936e1a31f6c874877aa602b8bc21c63126bcea4ff0f79

  • SSDEEP

    24576:MD+wdilvnK90Lozyxuzkhj15I/yQl9sFLK45tQgSD:9yQoUuEjEhm5ug

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Targets

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
