General
-
Target
❂↶Fяοм†Sωι†cн✦$ε†μρ✦Codε✦∀sα†Lωor❂🎶9192.rar
-
Size
34.5MB
-
Sample
250301-pz6gca1tgz
-
MD5
094e0a708cc391c0602b90d3fa0cfb21
-
SHA1
b2e41ccdb3c6f21735318dfe4ba740426d432bdd
-
SHA256
23d2e6d18aa3677e9e545429c67ae0b97594714edf50e9790a63f7532b42e49a
-
SHA512
c6b650166a50178421dbf5ead876fbaebe75042ef4ba89f8a9e54b523758534454dfdb5e672ca107cf1c1841ce085a298a6db416f88236a65166e7917107e149
-
SSDEEP
786432:cnzgLJy9RbT6A1RqLbadOIAqCit9RdGabutFsCyX1E:cnzTtT6OYtIAat9RcbYCyG
Static task
static1
Behavioral task
behavioral1
Sample
❂↶Fяοм†Sωι†cн✦$ε†μρ✦Codε✦∀sα†Lωor❂🎶9192/Set-up.exe
Resource
win10ltsc2021-20250217-en
Behavioral task
behavioral2
Sample
❂↶Fяοм†Sωι†cн✦$ε†μρ✦Codε✦∀sα†Lωor❂🎶9192/Set-up.exe
Resource
win11-20250217-en
Malware Config
Extracted
lumma
Targets
-
Target
❂↶Fяοм†Sωι†cн✦$ε†μρ✦Codε✦∀sα†Lωor❂🎶9192/Set-up.exe
-
Size
1.8MB
-
MD5
098ac4621ee0e855e0710710736c2955
-
SHA1
ce7b88657c3449d5d05591314aaa43bd3e32bdaa
-
SHA256
46afbf1cbd2e1b5e108c133d4079faddc7347231b0c48566fd967a3070745e7f
-
SHA512
3042785b81bd18b641f0a2b5d8aec8ef86f9bf1269421fb96d1db35a913e744eaff16d9da7a02c8001435d59befb9f26bc0bbfa6e794811abf4282ed68b185fe
-
SSDEEP
49152:GpjwrP6yVgBd39sUUzFti4aTotmIT3SxLmNKbx:GpjwrP6yKTOUmi4aTo1NK9
-
Lumma family
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-