General

  • Target

    b8f3067b4eff053e8d844367eabe1f5d9cbcb81a716f2e427e641b35383644ba.bin

  • Size

    1.2MB

  • Sample

    250630-xky3qatrw6

  • MD5

    d5c68ce3136df9197ed5e41c562ff58d

  • SHA1

    4fea19c67fef9da87a15eac55bef348236160654

  • SHA256

    b8f3067b4eff053e8d844367eabe1f5d9cbcb81a716f2e427e641b35383644ba

  • SHA512

    04e8017c83bf4c339e7c5fb3b4a0e370813ea1ad2fee347ca39cff16708683e71ce8fa7b9c51141bc7d66a9d5eca30a9518db3e1b1305ea5bf364a7b94a5ca71

  • SSDEEP

    24576:GS6Hg7JOPy1xDoeAkCKeNm3DCrREawJa3ZKWm3DCrREawJa3ZK:GRgFJ7mKeI3D3533D35

Malware Config

Extracted

Family

lumma

C2

https://rbmlh.xyz/lakd

https://pacwpw.xyz/qwpr

https://comkxjs.xyz/taox

https://unurew.xyz/anhd

https://trsuv.xyz/gait

https://sqgzl.xyz/taoa

https://cexpxg.xyz/airq

https://urarfx.xyz/twox

https://liaxn.xyz/nbzh

Attributes

  • build_id

    19edee737bd798fecb84f31894ceea6be10f6e
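The hashes and C2 list above are only useful once they are matched against something. The block below is an added example, not part of the sandbox report: it embeds the report's own indicators, fingerprints a byte string with MD5/SHA-1/SHA-256 and checks it against the sample's hashes, and scans constructed proxy log lines for contact with the listed C2 hosts. The log format (timestamp, source IP, method, URL, status) and the log lines themselves are assumed here for illustration; they are not data from the report. Note the practical caveat the example encodes: for TLS traffic a forward proxy usually sees only a `CONNECT host:443`, so the hostname is the only thing you can match on, while the full `https://host/path` is visible only where TLS is inspected.

```python
import hashlib
import re
from urllib.parse import urlsplit

# File hashes of the analysed sample, copied from the report above.
SAMPLE_HASHES = {
    "md5": "d5c68ce3136df9197ed5e41c562ff58d",
    "sha1": "4fea19c67fef9da87a15eac55bef348236160654",
    "sha256": "b8f3067b4eff053e8d844367eabe1f5d9cbcb81a716f2e427e641b35383644ba",
}

# Lumma C2 URLs extracted from the sample's configuration (from the report above).
C2_URLS = [
    "https://rbmlh.xyz/lakd",
    "https://pacwpw.xyz/qwpr",
    "https://comkxjs.xyz/taox",
    "https://unurew.xyz/anhd",
    "https://trsuv.xyz/gait",
    "https://sqgzl.xyz/taoa",
    "https://cexpxg.xyz/airq",
    "https://urarfx.xyz/twox",
    "https://liaxn.xyz/nbzh",
]

# Two lookup tiers: exact (host, path) pairs and bare hostnames.
C2_HOST_PATHS = {(urlsplit(u).hostname, urlsplit(u).path) for u in C2_URLS}
C2_HOSTS = {host for host, _ in C2_HOST_PATHS}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hashes(data: bytes) -> list:
    """Names of the hash algorithms under which `data` equals the sample."""
    digests = hash_bytes(data)
    return [algo for algo, value in SAMPLE_HASHES.items() if digests[algo] == value]


# Assumed log line shape (constructed for this example):
#   <timestamp> <source IP> <method> <url or host:port for CONNECT> <status>
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(text: str) -> list:
    """Return (source_ip, host, match_tier) for each line that touches a C2.

    match_tier is "url" when host and path both match a configured C2 URL,
    or "host" when only the hostname matches (e.g. a CONNECT tunnel, or a
    different path on a known C2 host)."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        _ts, src_ip, method, target, _status = m.groups()
        if method.upper() == "CONNECT":
            # CONNECT targets are host:port; urlsplit would misparse them.
            host, path = target.rsplit(":", 1)[0].lower(), None
        else:
            parts = urlsplit(target)
            host, path = parts.hostname, parts.path
        if host is None:
            continue
        if path is not None and (host, path) in C2_HOST_PATHS:
            hits.append((src_ip, host, "url"))
        elif host in C2_HOSTS:
            hits.append((src_ip, host, "host"))
    return hits


# Constructed sample log for demonstration only; not from the report.
SAMPLE_LOG = """\
2025-06-30T12:00:01Z 10.0.0.5 CONNECT rbmlh.xyz:443 200
2025-06-30T12:00:03Z 10.0.0.5 POST https://pacwpw.xyz/qwpr 200
2025-06-30T12:00:05Z 10.0.0.7 GET https://example.com/ 200
2025-06-30T12:00:09Z 10.0.0.9 POST https://trsuv.xyz/other 404
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("C2 contact:", hit)
    print("dummy bytes match sample:", matching_hashes(b"not the sample"))
```

In production you would read the file in chunks instead of holding it in memory, and feed `scan_proxy_log` your real proxy, DNS or TLS SNI logs after adapting `LOG_LINE` to their format; the host tier is what catches the CONNECT tunnel and the unknown path on trsuv.xyz.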

Targets

    • Target

      b8f3067b4eff053e8d844367eabe1f5d9cbcb81a716f2e427e641b35383644ba.bin

    • Size

      1.2MB

    • MD5

      d5c68ce3136df9197ed5e41c562ff58d

    • SHA1

      4fea19c67fef9da87a15eac55bef348236160654

    • SHA256

      b8f3067b4eff053e8d844367eabe1f5d9cbcb81a716f2e427e641b35383644ba

    • SHA512

      04e8017c83bf4c339e7c5fb3b4a0e370813ea1ad2fee347ca39cff16708683e71ce8fa7b9c51141bc7d66a9d5eca30a9518db3e1b1305ea5bf364a7b94a5ca71

    • SSDEEP

      24576:GS6Hg7JOPy1xDoeAkCKeNm3DCrREawJa3ZKWm3DCrREawJa3ZK:GRgFJ7mKeI3D3533D35

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks