General
-
Target
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35
-
Size
516KB
-
Sample
240704-2fcfdasgrk
-
MD5
0309dd0131150796ea99b30a62194fae
-
SHA1
2df6e334708eae810a74b844fd57e18e9fdc34cd
-
SHA256
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35
-
SHA512
3d4e5a0718d04fee92d8040880b631107d1e23a6b3bce430d58769179af999c28b99e50c5cd45f283339f7bbb24ffacbf601a5447edb12e28da4517fbfa282e8
-
SSDEEP
12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d
Malware Config
Extracted
lumma
https://potterryisiw.shop/api
Targets
-
-
Target
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35
-
Size
516KB
-
MD5
0309dd0131150796ea99b30a62194fae
-
SHA1
2df6e334708eae810a74b844fd57e18e9fdc34cd
-
SHA256
07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35
-
SHA512
3d4e5a0718d04fee92d8040880b631107d1e23a6b3bce430d58769179af999c28b99e50c5cd45f283339f7bbb24ffacbf601a5447edb12e28da4517fbfa282e8
-
SSDEEP
12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-