lumma | 227447de76c7bcb29130c5b22705a2bf09bf8d648fc3448cb832ce8e6f9be15a | Triage

Submit
Reports

Overview

overview

Static

static

1

yollskare.zip

windows7-x64

1

yollskare.zip

windows10-2004-x64

Sharing

General

Target

yollskare.zip
Size

35.0MB
Sample

240624-vwdj2stejb
MD5

4887b175958a86cd26d2a117066a363c
SHA1

a168a2c626ab02254a6e4b7f00352e9ee549d4cf
SHA256

227447de76c7bcb29130c5b22705a2bf09bf8d648fc3448cb832ce8e6f9be15a
SHA512

3cb6347662cb5b16e3bf6b7b43ddf8f4a0720d00c23ffd7c0ff4d14fdca5860284ca2b91e5d6c348d5845736206f87eb4792771efab8c3ebb45a8b41d29f2d98
SSDEEP

786432:hMuCrZX2d1wN+KLj/BMWCJd/B2VgmrJD4KrtQHRfekgr5B+pe7Q/2bFK9+O++vtZ:qGd6N+k/ed/B8gcCKWRKvu2JK/

Score

10^/10

lumma redline infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

yollskare.zip

Resource

win7-20240611-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

yollskare.zip

Resource

win10v2004-20240226-en

lumma redline infostealer spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Extracted

Family

lumma

C2

https://employeedscratshj.shop/api

Targets

- Target
  
  yollskare.zip
- Size
  
  35.0MB
- MD5
  
  4887b175958a86cd26d2a117066a363c
- SHA1
  
  a168a2c626ab02254a6e4b7f00352e9ee549d4cf
- SHA256
  
  227447de76c7bcb29130c5b22705a2bf09bf8d648fc3448cb832ce8e6f9be15a
- SHA512
  
  3cb6347662cb5b16e3bf6b7b43ddf8f4a0720d00c23ffd7c0ff4d14fdca5860284ca2b91e5d6c348d5845736206f87eb4792771efab8c3ebb45a8b41d29f2d98
- SSDEEP
  
  786432:hMuCrZX2d1wN+KLj/BMWCJd/B2VgmrJD4KrtQHRfekgr5B+pe7Q/2bFK9+O++vtZ:qGd6N+k/ed/B8gcCKWRKvu2JK/
Score

10^/10

lumma redline infostealer spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

lummaredlineinfostealerspywarestealer

© 2018-2024

Terms | Privacy