General

  • Target

    176.113.115.225.ps1

  • Size

    533KB

  • Sample

    250127-sbkfratnbt

  • MD5

    eaf7ebe973ee32e26027ba74eb211b0c

  • SHA1

    29f2261e2a37e97045d000cc1bd0fb614cff9f74

  • SHA256

    97a191d90077f093ce6e0d472167b36bb648de846098ed494d981c1076d358f5

  • SHA512

    c35bd999fb35a1a28816622cdf743e5d2287b1a5933229d682ac0da1c96a91fc81dcdcd2daeac1e9dff79fc74f1c3af79e044037ff0318d13380addc7067b966

  • SSDEEP

    12288:ZcTOT1uStOOovc4mkab9NY+2GyKKIoKUOwFL9:ZcTPStkvcVZT2GyQoKUOwFL9

Malware Config

  • Extracted

  • Family

    lumma

  • C2

    https://toppyneedus.biz/api

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks