General
-
Target
Installer.exe
-
Size
165.2MB
-
Sample
240609-p45qlsbd94
-
MD5
40c4d987742c851d15d1c8eb36564634
-
SHA1
e5ce265f0a6fbb8a0b22964ecd86bdf81b6efc6a
-
SHA256
ed5fad1077cab43a43f700a67577e30ae4537f5b42cf1544da423253cea3c2a8
-
SHA512
0a0246c78d21967f36b86fbe733b89c94c2e8efd827f0decc80bc14f39bf2c9a8cc7eddd9ad2b71ac9f06b8e76d6ed83914b2230a1768e100956e9a36580b6d9
-
SSDEEP
786432:29/wSomYEPyyRIekBWSnJtLeiWvaGJSF5FXMw/93IYSSL/4azYFSbLP5njZUn:29TFYbFEAJtCiWvA5FXMmtQuvPUn
Malware Config
Extracted
lumma
https://franticnaughtyeiw.shop/api
https://distincttangyflippan.shop/api
https://macabrecondfucews.shop/api
https://greentastellesqwm.shop/api
https://stickyyummyskiwffe.shop/api
https://sturdyregularrmsnhw.shop/api
https://lamentablegapingkwaq.shop/api
https://innerverdanytiresw.shop/api
https://standingcomperewhitwo.shop/api
Targets
-
-
Target
Installer.exe
-
Size
165.2MB
-
MD5
40c4d987742c851d15d1c8eb36564634
-
SHA1
e5ce265f0a6fbb8a0b22964ecd86bdf81b6efc6a
-
SHA256
ed5fad1077cab43a43f700a67577e30ae4537f5b42cf1544da423253cea3c2a8
-
SHA512
0a0246c78d21967f36b86fbe733b89c94c2e8efd827f0decc80bc14f39bf2c9a8cc7eddd9ad2b71ac9f06b8e76d6ed83914b2230a1768e100956e9a36580b6d9
-
SSDEEP
786432:29/wSomYEPyyRIekBWSnJtLeiWvaGJSF5FXMw/93IYSSL/4azYFSbLP5njZUn:29TFYbFEAJtCiWvA5FXMmtQuvPUn
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-