lumma | 506fe400fc761df8e78670902a95994ce7b08d635c653b2f7f9c4febd7c4b6a0

General

Target

WonderHack.zip
Size

80.6MB
Sample

250120-e8hrja1rhk
MD5

429cbd0325ee415a32a94f52d5044768
SHA1

9e28b4b0a46171a1b563fd5af5b9de97b117f994
SHA256

506fe400fc761df8e78670902a95994ce7b08d635c653b2f7f9c4febd7c4b6a0
SHA512

6f57a11ab1d537076363ea33ad7acd47dc965ec7d4f48d6949600fb6809d2d76d5cd2b95832cea0beacc7b8aef742195e4f02411b01ec18595a03aad94faa17a
SSDEEP

1572864:R7uYu259qW5V/WNUBqG1J+PqIp1FDyEuvX4Hf+R:R7uGdhWuYp3Mvk4

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

Targets

- Target
  
  WonderHack/WonderLoader_x64.exe
- Size
  
  383KB
- MD5
  
  e184148c7a56df46e76eed337a51709c
- SHA1
  
  545d68571800780674514a55352effecbdd319cc
- SHA256
  
  dadebed35e6993b0feddb7e94482f0e5865b08b46ac9c4968365b04396e95b50
- SHA512
  
  367661c715392df2fe479f4bfac955f2ff47edbdd47fcdd5088a78014afdbe0a2e0dce8eeef0ca1da16ae809ca858a3b1e96cca8f658dc01d5067a5b546b6340
- SSDEEP
  
  6144:CR/qS7RulVoBi7mN6i9E8esdSLol/Zg3lShv1B42gKLs9jFBKF+gOwIycvuaYtFv:+qS7UlqA729TJdSLolClkvc28pBKF+5w
Score

7^/10

discovery
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

.NET Reactor proctector

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2