General
-
Target
2bc0310f5606d19887f66e595c371c79a7e11073598aa5e3233609feb88a1686
-
Size
186.8MB
-
Sample
250404-rhsv2a1jw7
-
MD5
98b3ea9e6364e2f0e2ac1294041fb9be
-
SHA1
7ca708206aa92e3b5736543275d1036d679e713c
-
SHA256
2bc0310f5606d19887f66e595c371c79a7e11073598aa5e3233609feb88a1686
-
SHA512
807b783fa2fadd9c8e2001b3828554bad500af10465277a4b9e80aeb97fa83a3c6bb98d77bdcb49bed3da9189fe2c71a6fa8c4ab387dfbfb05c938acb337deb9
-
SSDEEP
3145728:TeC0rah3ZxOnTcDXjcFRLHaY48Mjj/4v6cAGiBy/zYFmcHqX/HNhak8Phm:TJ0r23ZEQDXjILHaYJM3LcAG+08i/Pak
Malware Config
Extracted
lumma
https://rlxspoty.run/nogoaz
https://jrxsafer.top/shpaoz
https://krxspint.digital/kendwz
https://rhxhube.run/pogrs
https://grxeasyw.digital/xxepw
https://advennture.top/GKsiio
https://targett.top/dsANGt
https://xrfxcaseq.live/gspaz
https://ywmedici.top/noagis
Targets
-
-
Target
2bc0310f5606d19887f66e595c371c79a7e11073598aa5e3233609feb88a1686
-
Size
186.8MB
-
MD5
98b3ea9e6364e2f0e2ac1294041fb9be
-
SHA1
7ca708206aa92e3b5736543275d1036d679e713c
-
SHA256
2bc0310f5606d19887f66e595c371c79a7e11073598aa5e3233609feb88a1686
-
SHA512
807b783fa2fadd9c8e2001b3828554bad500af10465277a4b9e80aeb97fa83a3c6bb98d77bdcb49bed3da9189fe2c71a6fa8c4ab387dfbfb05c938acb337deb9
-
SSDEEP
3145728:TeC0rah3ZxOnTcDXjcFRLHaY48Mjj/4v6cAGiBy/zYFmcHqX/HNhak8Phm:TJ0r23ZEQDXjILHaYJM3LcAG+08i/Pak
Score10/10-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Looks for VirtualBox drivers on disk
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1