lumma | 545a8847ba2a146ced8d289a38ad1e0031a6cc55dd63e29913d6f53af75c94e7 | Triage

Submit
Reports

Overview

overview

Static

static

1

S$0larDfdeg34!.zip

windows7-x64

1

S$0larDfdeg34!.zip

windows10-2004-x64

Resubmissions

29-06-2024 05:04

240629-fqdwas1fre 10

29-06-2024 04:59

240629-fme9ysvblj 3

Sharing

General

Target

S$0larDfdeg34!.zip
Size

13.1MB
Sample

240629-fqdwas1fre
MD5

7b6778f1febb7feef784f20f6b0439d9
SHA1

34d6405dd9305edb5ab414eedf361325ade211c6
SHA256

545a8847ba2a146ced8d289a38ad1e0031a6cc55dd63e29913d6f53af75c94e7
SHA512

2cb97bce6b76507cad9e696d2d569adda31900b107f3552d81e86b81f7bf2ab6dcd5f5a4fa13ec25d7bd1939d58f7faaf36eb56f3c02572a9e440c62fe4a4851
SSDEEP

196608:cy5KQZfZPeRD/WCjNkdtEuNYJIsxaz3Xq54N0a+kI0yCEhCp4pljA6kSWC9Qhyoz:cbKfwZ/5SCbab0Ta3yCsCp2yV+Sx

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

S$0larDfdeg34!.zip

Resource

win7-20240611-en

windows7-x64

0 signatures

600 seconds

Behavioral task

behavioral2

Sample

S$0larDfdeg34!.zip

Resource

win10v2004-20240508-en

lumma discovery persistence privilege_escalation stealer

windows10-2004-x64

26 signatures

600 seconds

Malware Config

Extracted

Family

lumma

C2

https://harmfullyelobardek.shop/api

Targets

- Target
  
  S$0larDfdeg34!.zip
- Size
  
  13.1MB
- MD5
  
  7b6778f1febb7feef784f20f6b0439d9
- SHA1
  
  34d6405dd9305edb5ab414eedf361325ade211c6
- SHA256
  
  545a8847ba2a146ced8d289a38ad1e0031a6cc55dd63e29913d6f53af75c94e7
- SHA512
  
  2cb97bce6b76507cad9e696d2d569adda31900b107f3552d81e86b81f7bf2ab6dcd5f5a4fa13ec25d7bd1939d58f7faaf36eb56f3c02572a9e440c62fe4a4851
- SSDEEP
  
  196608:cy5KQZfZPeRD/WCjNkdtEuNYJIsxaz3Xq54N0a+kI0yCEhCp4pljA6kSWC9Qhyoz:cbKfwZ/5SCbab0Ta3yCsCp2yV+Sx
Score

10^/10

lumma discovery persistence privilege_escalation stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

lummadiscoverypersistenceprivilege_escalationstealer

© 2018-2024

Terms | Privacy