PULSE NAME
Warning Against Infostealer Infections Upon Executing Legitimate EXE Files (DLL Hijacking) - ASEC BLOG
WHITE CyberHunter_NL 2023-11-01 Modified: 2023-12-01
82
IOCs
HIGH VOLUME
The LummaC2 Stealer malware is being distributed disguised as crackers and keygens for commercial software, according to the European Security Agency (Esa).
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
LummaC2
Indicators of Compromise (82)