lumma | 301394de0a1858f4e7b20244ec2d938cce91c61e7c9e224b4fa00177b6bf9cec | Triage

Submit
Reports

Overview

overview

Static

static

3

301394de0a...ec.exe

windows7-x64

7

301394de0a...ec.exe

windows10-2004-x64

Sharing

General

Target

301394de0a1858f4e7b20244ec2d938cce91c61e7c9e224b4fa00177b6bf9cec.exe
Size

4.6MB
Sample

240624-bfvzlssbme
MD5

f3633e3e1bc67dd770d72c79d1e1f665
SHA1

47443903cfbcd8fefb314c1b29324b7909142634
SHA256

301394de0a1858f4e7b20244ec2d938cce91c61e7c9e224b4fa00177b6bf9cec
SHA512

f7211899a4dfa6979f3bd0d797e55e32e264212635f4569c7aee4cba63c3ca0fe2ec27b86d2e27b36f4b28b7ff50a0202116d0e44a0fbe684ef814e96d4e2a35
SSDEEP

98304:KrLVoBkwXnc+AdMIm8r3ctMmKCOQhMCTgeZ1lcvdq:IhIkwt+x31/CICj1lg

Score

10^/10

lumma xmrig evasion execution miner persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

301394de0a1858f4e7b20244ec2d938cce91c61e7c9e224b4fa00177b6bf9cec.exe

Resource

win7-20240419-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

301394de0a1858f4e7b20244ec2d938cce91c61e7c9e224b4fa00177b6bf9cec.exe

Resource

win10v2004-20240508-en

lumma xmrig evasion execution miner persistence stealer upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://composepayyersellew.shop/api

https://publicitycharetew.shop/api

https://computerexcudesp.shop/api

https://leafcalfconflcitw.shop/api

https://injurypiggyoewirog.shop/api

https://bargainnygroandjwk.shop/api

https://disappointcredisotw.shop/api

https://doughtdrillyksow.shop/api

https://facilitycoursedw.shop/api

Targets

- Target
  
  301394de0a1858f4e7b20244ec2d938cce91c61e7c9e224b4fa00177b6bf9cec.exe
- Size
  
  4.6MB
- MD5
  
  f3633e3e1bc67dd770d72c79d1e1f665
- SHA1
  
  47443903cfbcd8fefb314c1b29324b7909142634
- SHA256
  
  301394de0a1858f4e7b20244ec2d938cce91c61e7c9e224b4fa00177b6bf9cec
- SHA512
  
  f7211899a4dfa6979f3bd0d797e55e32e264212635f4569c7aee4cba63c3ca0fe2ec27b86d2e27b36f4b28b7ff50a0202116d0e44a0fbe684ef814e96d4e2a35
- SSDEEP
  
  98304:KrLVoBkwXnc+AdMIm8r3ctMmKCOQhMCTgeZ1lcvdq:IhIkwt+x31/CICj1lg
Score

10^/10

lumma xmrig evasion execution miner persistence stealer upx
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- UPX dump on OEP (original entry point)
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

lummaxmrigevasionexecutionminerpersistencestealerupx

© 2018-2024

Terms | Privacy