General

  • Target: 240629-ye94gaxgmk_pw_infected.zip
  • Size: 431KB
  • Sample: 240629-yx967aycmn
  • MD5: 37b5945a94f04f36b73639292c8949cc
  • SHA1: 240c1014adcf8eed1f79ced59f9405b9ee58d446
  • SHA256: 3ac252519b834b39fc3c97eb7810889df601dc72d702ff8eadf294943184eee2
  • SHA512: 0d0cd68be7879f4e3d7ad0c3cc13f263f30aeb85c400ba8a4e6c7507b1e38bf47ac72fe856c5fcba139ddbfe7763987ad493dab535edcd1eb44b3b4d54079b5e
  • SSDEEP: 12288:17Ms9OVcgXRnht4foAcsaxB1ENLdQWWSVRHku:47n8frc11OJJf

Score: 10/10

Malware Config (extracted)

  • Family: lumma
  • C2:
    https://piedsiggnycliquieaw.shop/api
    https://potterryisiw.shop/api
    https://foodypannyjsud.shop/api
    https://contintnetksows.shop/api
    https://reinforcedirectorywd.shop/api

Targets

    • Target: Gtool.exe
    • Size: 526KB
    • MD5: 25d66863ae6b40666fe4ea3031c00957
    • SHA1: 07408d2073032c8fa07a1e3f1613274039183ef9
    • SHA256: ffeabd18beabd0c0090ca6ff166e7f724ee80c120c602e46a4ce2e427887b762
    • SHA512: 03644f6de2da25939ec5b460f90d052718fce40f84d2d75788836a02d20f3352e967b6df80ddfd8b858f11af9ff9c08be419373f903063ee1aeb9a58385892a8
    • SSDEEP: 12288:PnUB23lHRG/X5maWsBZUXHgBEDwAW8WrlrpQy7lQ:PUE1H2JmaWs0CeFmZ

    Score: 10/10

    Signatures
    • Lumma Stealer: an infostealer written in C++, first seen in August 2022.
    • Suspicious use of SetThreadContext
