Overview

overview

10

Static

static

10

edbfdd04d1...5a.exe

windows7-x64

9

edbfdd04d1...5a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    edbfdd04d154060b82f386191ba772e0b9122e2f82a4e3c0e3ddf65fc7a8b55a.exe

  • Size

    24.4MB

  • Sample

    240629-cbfjss1fqm

  • MD5

    16b332205d167a6a6f76c5293aa8f201

  • SHA1

    40c0fba9107d270cf006f58f4fecc9742f806a2b

  • SHA256

    edbfdd04d154060b82f386191ba772e0b9122e2f82a4e3c0e3ddf65fc7a8b55a

  • SHA512

    ff18c351f1f86134f79a535eb5f6045c5dfdf3ab9e632d15a5266c86e25c0cd675a88f457a99f3ae6a92d0929d35f703a366b0d11fac1ffaa09e6f44f39e11f5

  • SSDEEP

    393216:Z8V2nhTIrvYzEWmn+FBhwFDbllTqkl6eFh3zZNgni9HkHxHLCA9arP1A0+3ERPWy:OV2h2QzE0FTIpt6eFl1NykmxeS3u

Score
10/10
lummastealerupx

Malware Config

Extracted

Family

lumma

C2

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Targets

    • Target

      edbfdd04d154060b82f386191ba772e0b9122e2f82a4e3c0e3ddf65fc7a8b55a.exe

    • Size

      24.4MB

    • MD5

      16b332205d167a6a6f76c5293aa8f201

    • SHA1

      40c0fba9107d270cf006f58f4fecc9742f806a2b

    • SHA256

      edbfdd04d154060b82f386191ba772e0b9122e2f82a4e3c0e3ddf65fc7a8b55a

    • SHA512

      ff18c351f1f86134f79a535eb5f6045c5dfdf3ab9e632d15a5266c86e25c0cd675a88f457a99f3ae6a92d0929d35f703a366b0d11fac1ffaa09e6f44f39e11f5

    • SSDEEP

      393216:Z8V2nhTIrvYzEWmn+FBhwFDbllTqkl6eFh3zZNgni9HkHxHLCA9arP1A0+3ERPWy:OV2h2QzE0FTIpt6eFl1NykmxeS3u

    Score
    10/10
    upxlummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks