General
- Target: 2025-06-30_4a0bc917ac65e39cf31425614d14372a_dosia_frostygoop_ghostlocker_knight_luca-stealer_poet-rat_quasar-rat_sliver_snatch
- Size: 8.1MB
- Sample: 250630-ytyzravkz2
- MD5: 4a0bc917ac65e39cf31425614d14372a
- SHA1: 5d519a34a47dd45f7c7e3399ff9a83363efb1a5a
- SHA256: d3d8c0efa4c20e55e07a3266db9f8b433e65443496bd078bf333bf0d0c2a9d20
- SHA512: 057b75a62049526c7c680d1e3de272897cf8f431330c7a8761f48de860f28a1c3fa26e77e76dd297a68440564a901f19d769f962a3ceec39a89d7c8e1934031a
- SSDEEP: 98304:yx6MuD6bRhucxm2CDwu1EFNGfj2UergLq6q7gKvgnSn8mo:yxO6Pucc0FNGf3egLq5754X
Static task: static1
Behavioral task: behavioral1
Sample: 2025-06-30_4a0bc917ac65e39cf31425614d14372a_dosia_frostygoop_ghostlocker_knight_luca-stealer_poet-ra.exe
Resource: win10v2004-20250502-en
Malware Config
Extracted: lumma
- build_id: be977f77a870d72a9e18c40aaaf22e9e73c13f0d67cb7384c4
Targets
- Lumma family
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext