lumma | b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30
Size

297KB
Sample

240624-gemvhaydnb
MD5

5d860e52bfa60fec84b6a46661b45246
SHA1

1259e9f868d0d80ac09aadb9387662347cd4bd68
SHA256

b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30
SHA512

04ea5757d01508a44e0152b3aa78f530908da649d59b8ce7ee3e15c2d4d0314c97f346c1e79b1810edb27165d04781c022937d02536dc9b1dd4c55f023a47701
SSDEEP

3072:WqFFrqwIOGdTypEmz07sFPaF16CVyeR+LhdwT5TZMfvgZcZqf7D34NeqiOLCbBOy:tBIOG6hPPLd05TZaYcZqf7DI3L

Score

10^/10

lumma redline ama discovery infostealer spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30.exe

Resource

win7-20240221-en

redline ama discovery infostealer spyware stealer

windows7-x64

16 signatures

300 seconds

Behavioral task

behavioral2

Sample

b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30.exe

Resource

win10-20240404-en

lumma redline ama discovery infostealer spyware stealer

windows10-1703-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

AMA

C2

185.215.113.67:40960

Extracted

Family

lumma

C2

https://facilitycoursedw.shop/api

https://publicitycharetew.shop/api

https://computerexcudesp.shop/api

https://leafcalfconflcitw.shop/api

https://injurypiggyoewirog.shop/api

https://bargainnygroandjwk.shop/api

https://disappointcredisotw.shop/api

https://doughtdrillyksow.shop/api

Targets

- Target
  
  b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30
- Size
  
  297KB
- MD5
  
  5d860e52bfa60fec84b6a46661b45246
- SHA1
  
  1259e9f868d0d80ac09aadb9387662347cd4bd68
- SHA256
  
  b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30
- SHA512
  
  04ea5757d01508a44e0152b3aa78f530908da649d59b8ce7ee3e15c2d4d0314c97f346c1e79b1810edb27165d04781c022937d02536dc9b1dd4c55f023a47701
- SSDEEP
  
  3072:WqFFrqwIOGdTypEmz07sFPaF16CVyeR+LhdwT5TZMfvgZcZqf7D34NeqiOLCbBOy:tBIOG6hPPLd05TZaYcZqf7DI3L
Score

10^/10

redline ama discovery infostealer spyware stealer lumma
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlineamadiscoveryinfostealerspywarestealer

behavioral2

lummaredlineamadiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy