lumma | b86f6bae66732ad1c928f05296c9abef2f801e1351362e0956317a8c65ef2942

Sharing

Copy URL

Twitter E-mail

General

Target

5f90dc93d4b5976e441e8b9e17590a33.zip
Size

11.6MB
Sample

240624-pekzxa1fme
MD5

5f90dc93d4b5976e441e8b9e17590a33
SHA1

5a801d0ed3db98bc0474ecfc094384eaec213e59
SHA256

b86f6bae66732ad1c928f05296c9abef2f801e1351362e0956317a8c65ef2942
SHA512

b94325fc64578864319a91a083a120dadd3fa8cfdf95262ffcd5a3db2dc141828e787453db114eedd4fa71de8a7ec5086dcfa43e0d28466dc661eb0957fc12d3
SSDEEP

196608:rZdR0aOUUx5IXnQSJa63MyRBcPC7Ksc7vTE1JcpCj3uZTM2SX4N6m+3iYSUoKv6B:rDPhUx5IXn1w6M+wC+sKTE1bj3uK06nK

Score

10^/10

Malware Config

Extracted

Family

lumma

https://publicitycharetew.shop/api

https://computerexcudesp.shop/api

https://leafcalfconflcitw.shop/api

https://injurypiggyoewirog.shop/api

https://bargainnygroandjwk.shop/api

https://disappointcredisotw.shop/api

https://doughtdrillyksow.shop/api

https://facilitycoursedw.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  24.7MB
- MD5
  
  ff705c79ed5dda7bdbd720803eedfbac
- SHA1
  
  a0abfcfa4b58775ca4bd8c4f05887eb8105fe0f8
- SHA256
  
  f3c82a7d7446140bce47e45fa8f37def3f36655c6241e18e392703e4a56165e8
- SHA512
  
  532649e997b9ba528fef2ad60975a686ae83ae514ff1ead59f53ae8e178f33ff8f8296798e4fa181a16bc83b83c7d6ec26c75d03a1ce542586859379e3a10b8a
- SSDEEP
  
  393216:l9jmwJGRFpRdOupOibnGa3dTYDqrycuXhbCNCU:jjLibGmTYgyj2gU
Score

10^/10

lumma persistence privilege_escalation stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  x86/HDHelper_[0MB]_[1].exe
- Size
  
  566KB
- MD5
  
  8a179892518a2c4e8a63afa91de7bdce
- SHA1
  
  e9b095c966ccc4c4900b4cf741c067d2a0f43cd4
- SHA256
  
  72ece91f65a461c5023695bf5f31b5b6b5bd629dba8407524e8144f6d1e160e8
- SHA512
  
  91abb220c222a89a2df27818b8385b4015128a35b7d4c43d0f497717a4e5a55dfb9dc1da3f47a49a2400ea8300d41d52277331a6c7c3437ac5cb867a4027b220
- SSDEEP
  
  12288:voJoMf8uSKkd/kAseRy/M96oQD08WjWYatid4TwzSxK/G8kHcL:CEKkd/wXMwoQJW6Ya5TwzUKeH8L
Score

1^/10
behavioral3 behavioral4
- Target
  
  x86/NvStereoUtilityOGL_[1MB]_[1].exe
- Size
  
  1.1MB
- MD5
  
  017cd77d01314e72a973ff0c7882453d
- SHA1
  
  288238159cf18418149f5cd3475a6ebb9f45a631
- SHA256
  
  c2c71318a17f7f767e5d203d22b48f27eecae46a4f37082d7b413c51da6183b3
- SHA512
  
  b1d4c87e7d8585c16aa50499398c9a04d90bcd32ab36fbf7a357bc15abce0cd802a259cc7431de9fe2ca77aa68298aab5041157308be4601f7f7aa0c3c180b03
- SSDEEP
  
  24576:zCVnoQHgdFnJhVaqajA4+ubDaSKYqSpamUbSBe:zgnoFFnJjaqajA4+yaSK5SpamUbSBe
Score

3^/10
behavioral5 behavioral6
- Target
  
  x86/VSLauncher_[0MB]_[1].exe
- Size
  
  281KB
- MD5
  
  7a7bb3b0e57e4fb32c57b74e78e657ad
- SHA1
  
  f1dee943b1b6238b1466d83325c4099d189cd4b5
- SHA256
  
  87048cff2227d2901314760618d23917cfbc5cc15fc22dc355e803c5ee5fb211
- SHA512
  
  ef0c9985b640189ed9991b301cfbf9771df961e1bf67bf68c5833667db53977c9745bcfb42e059d8bb5bcd7a88253a715d86f65612dccc33514ccda3baaf24c2
- SSDEEP
  
  3072:Dawahjy56hh65Ndqp9ikqtPLy0gJmU/3j41IGvQC2mCILuCW+VoNDRUiuDhJoueT:dLlavj41nDlDOO9uunwiLWyIE2n
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8