General
-
Target
2025-05-08_59ff683224a04b880b6236f4ce85ec1a_black-basta_cobalt-strike_ryuk_satacom
-
Size
1.0MB
-
Sample
250508-nzczcsdr9z
-
MD5
59ff683224a04b880b6236f4ce85ec1a
-
SHA1
791c503ddc40c50f1eee45a78ea364c2659c3948
-
SHA256
27fc8bee85cba827f06e1dc3c7791cc5845eb69292993a99f7c035714482246b
-
SHA512
8f2b3d2a75d28b3265fee3b3f1f1f05b11d4da008c2b177cce1a6fb27ba7787b0953f5543c9f5db4d95e5ca2d679d3ece00f8114e47adf22d7f5cf78783ccc5b
-
SSDEEP
24576:EtA3lSOPHyZ9LBRoEvPrVL7t2LBRoEvPrVL7t:EtA7PyZ9Xv5kXv5
Static task
static1
Malware Config
Extracted
lumma
Targets
-
Lumma family
-
Suspicious use of SetThreadContext
-