General

  • Target

    2025-06-30_4a0bc917ac65e39cf31425614d14372a_dosia_frostygoop_ghostlocker_knight_luca-stealer_poet-rat_quasar-rat_sliver_snatch

  • Size

    8.1MB

  • Sample

    250630-ytyzravkz2

  • MD5

    4a0bc917ac65e39cf31425614d14372a

  • SHA1

    5d519a34a47dd45f7c7e3399ff9a83363efb1a5a

  • SHA256

    d3d8c0efa4c20e55e07a3266db9f8b433e65443496bd078bf333bf0d0c2a9d20

  • SHA512

    057b75a62049526c7c680d1e3de272897cf8f431330c7a8761f48de860f28a1c3fa26e77e76dd297a68440564a901f19d769f962a3ceec39a89d7c8e1934031a

  • SSDEEP

    98304:yx6MuD6bRhucxm2CDwu1EFNGfj2UergLq6q7gKvgnSn8mo:yxO6Pucc0FNGf3egLq5754X

Malware Config

Extracted

Family

lumma

C2

Attributes
  • build_id

    be977f77a870d72a9e18c40aaaf22e9e73c13f0d67cb7384c4

Targets

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Lumma family

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
