General

  • Target: go-hacks.exe
  • Size: 1.2MB
  • Sample: 250630-ychlfavjw4
  • MD5: e43ba4f8b9580b247bf8eb0efa0e24e1
  • SHA1: f01b185123a11f28601a011ff1fcb445163a322c
  • SHA256: 6a9e5bedbb775cd138a42abe9d3b2dce268252b76732a9bf120fa740df377e4e
  • SHA512: 842f74d897e68bbebef288ef0bbdc14a43e4d81999620e80f93d7a298ede5ee2b9cf504442d079a97d5243c18f38f9bb8e45e22841282bdfcfbfad3f18f1e77b
  • SSDEEP: 24576:HuE0Vsb8ImfhYaOVe07lID3aOVe07lID:OPVC8phHO575O57

Malware Config

Extracted

Family: lumma

C2

Attributes
  • build_id: 1f9f3331e63b0e3ffa2680d9ebda44d1ee22e3a0f1cf912e1f

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks