General
- Target: SecuriteInfo.com.Trojan.PWS.Lumma.1819.32341.28310.exe
- Size: 1.2MB
- Sample: 250309-pyqpha1mx7
- MD5: 428debead98e87580b9d650b373dc205
- SHA1: 4965fb5c56de9a62f4eacf49ec9ff523500a31c7
- SHA256: 5c9f76f84adfb563c3073625481286cfb5059a05d12d635ee26e758c6c881a8a
- SHA512: 4637b63cd4efbb72fdc4b9be7b7346a7bdfb408faa218c2ba26e184902c4b93e1bae2bd5e083a9826529089012015839e276bc8c1a41d9f7e93621950f611899
- SSDEEP: 12288:SvkKkPpLiD4PDM5nN9gSv6Xb2Q0dXyzFAFQgUB39MwT:AksDODM3v6b2QYyxAh4d
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: SecuriteInfo.com.Trojan.PWS.Lumma.1819.32341.28310.exe
  - Resource: win7-20241010-en
- Behavioral task: behavioral2
  - Sample: SecuriteInfo.com.Trojan.PWS.Lumma.1819.32341.28310.exe
  - Resource: win10v2004-20250217-en
Malware Config
- Extracted family: lumma
Targets
- Target: SecuriteInfo.com.Trojan.PWS.Lumma.1819.32341.28310.exe
- Score: 10/10
Signatures
- Detects Rhadamanthys payload
- Lumma family
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext