lumma | ca2fb11b4a3c6af86a50a65605519e4f521381a536fbd77f74a1183844c1e199

Sharing

Copy URL

Twitter E-mail

General

Target

UnivMenu_1.16.rar
Size

110.8MB
Sample

240630-3lmc7sygre
MD5

06b2b24cfe2af61bbf2cfcff73c3e805
SHA1

a4c211c90512bb19af767efe652a25e2e7a088e8
SHA256

ca2fb11b4a3c6af86a50a65605519e4f521381a536fbd77f74a1183844c1e199
SHA512

0531235f544df599600a6efe5a7a72f8a3e7bed7ef68f808c0e6934e1b971d64248f26adfcba9b7a8789efdb62a0e24943ccf79adfe9f2aefef0451b0f5fea8f
SSDEEP

1572864:hOGoHGZ71kZPV+1NlFLXngxw1exwQGngoHGZ71kZPV+1NlFLXngxw1exwTSaF3DW:hOGoA5kFc15AwQFmgoA5kFc15AwQP

Score

10^/10

Malware Config

Extracted

Family

lumma

https://piedsiggnycliquieaw.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Targets

- Target
  
  Loaderldsaldls.exe
- Size
  
  667.6MB
- MD5
  
  4d7ef45e0306a1affb7bf13a8d4df52a
- SHA1
  
  b61beea3033558114e5a158742b2e54a46ee432a
- SHA256
  
  55c958d034353bdcb6de3ac799e3df870ab56e8aef1cfb215ed853f178ad11c5
- SHA512
  
  7200fcc6d431a148aa683b4f2e4cbfe07a66ed260685ef12ecee5fecd1d7e48c51e6e822f47e4e9921cac5422a30aa8933a956991e00425f1a797fd4d26e5f6a
- SSDEEP
  
  98304:pojXoXU7jjY7cYq5uGfUTHrZ2UZX40Dp+nShHhFuyWf2+UX50aV+K6d+GV/F:pU6Sjc796e1B4+/VXuyM2TX2+6oq
Score

10^/10

lumma xmrig evasion execution miner persistence stealer themida trojan upx
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  ⌚/output.exe
- Size
  
  3.0MB
- MD5
  
  ef3cc09687e8677055a07c03eac064da
- SHA1
  
  b86842be4dc2a24dafd752ed152b0adccc892825
- SHA256
  
  9bc07bccb38266b1b7c1578ddb4162d7c77b44bf8ec1d1594220f7911e955b33
- SHA512
  
  26d9b8a7d254584a9f142db0a4da0c597bd244b56e8dec761a712fe19b7d822e047cd48decfd7a11e1f544edad99f98420585649fa450c0977f19c76fff4a72e
- SSDEEP
  
  49152:YnCNSQqpYSwkQmsSebXb8vw/i6F8ma5r0Hpny2kUnjtv4KbNiziY5glWCBPzf1MH:HURCFiKNFCmtnUktvJMzAWC1zf1MH
Score

1^/10
behavioral2
- Target
  
  ⌚/output2.exe
- Size
  
  240KB
- MD5
  
  aced710f2a7700f143ee71f74308935a
- SHA1
  
  7636a510275e19c66eafaefc47da4dfed36ab238
- SHA256
  
  e36278e8091eee535bb091de231ebd22628a56b5ef9894711112209807122901
- SHA512
  
  4b4579abf6e8c227f05496939302f1158ac5b8a6e704b7a8f5e5bb7a7a4f4e017a9055a6a5459d1226efd05eb253156ed2884513b69dcc9d4809920139296985
- SSDEEP
  
  3072:UpW9q18GnODYQxa4bAYSHn/g1q/QQxinFZs0s6rBnpCXVGdFv9YbUgmgYKlXvwwX:gcGnuejH/bQQxqFu0pnpC1rlXvwXKOg
Score

1^/10
behavioral3
- Target
  
  Source/QtGraphicalEffects/Qt5WebEngineCore.dll
- Size
  
  108.6MB
- MD5
  
  c3b619ac876e44f74692612c8757585a
- SHA1
  
  3256dfc390cafa0a276679bfad5ad9fdee103210
- SHA256
  
  7db1cc70873e9fc05bc644c02f074824669a2b8c1c7c596fa3974b76fbf1d1dc
- SHA512
  
  ace72a633e7297a749424491e35b15679979c6a252a20e64570211b1708cfe0ffd4bd1c72766f15a97d5c4209d19c8fc25505972786269e34c8c3b04239260b2
- SSDEEP
  
  786432:177IumwRiPP+QfeimPmmewR8rXJX7xj9Jbec6WYyZDPz03X7IP:9Iumwe+QfeimPmuRcXJBE690U
Score

1^/10
behavioral4
- Target
  
  Source/QtGraphicalEffects/RadialBlur.qml
- Size
  
  11KB
- MD5
  
  33fe812bfb242ae0a883932a9b35a98d
- SHA1
  
  cf297544e75ea94635efbb8f311c847aeba2875d
- SHA256
  
  e086b7c17fd77f5b4f061ef6b49f1f1482a3429705a3174db77bdd7d1e25a6ea
- SHA512
  
  42daeed3aac5d14370e4c9ce72e9a1d19419843d7c9667655e559cca80ec8d77ce7f804641727e15d46225bc3169d6e3959c9558fbc7bddddf4c108359d85db1
- SSDEEP
  
  192:7ILp3RRDQGloQhIfXoXFISCa6z/eJV5NRnYXeQ5nQJVxNjs3JNzMbth6xxJBtw36:7KkGGFQ6QV5XQUVxGfAth6xfBtw3dm/D
Score

3^/10

execution
behavioral5
- Target
  
  Source/QtQuick/Controls/Styles/Base/StatusIndicatorStyle.qml
- Size
  
  8KB
- MD5
  
  702bbbb5b40df54894cc61fcba911ceb
- SHA1
  
  7a63660ef3396c577835d4e2c739d7eb8c2b62fc
- SHA256
  
  9846d99bf3aaac6ae982d7b7ccd4479d5846457329ea0ef4b6046af901c8b085
- SHA512
  
  4b6ead06c75111d829707cbefa8abec8af5489d8ff6ea4109f7d5388b052ad96b34b11eb976026653e86079aa8086e79e23e958b44f72cf0120b1e30f9a30b39
- SSDEEP
  
  192:xZp3RRDQG8sqS/3gA5ff/PLaE+zEQaVLVsYfCeRMjt8YRS8/yfL:5kGvJX2hBYWYRKTRS8M
Score

3^/10

execution
behavioral6
- Target
  
  Source/QtQuick/Controls/Styles/Desktop/ComboBoxStyle.qml
- Size
  
  5KB
- MD5
  
  61170c083726165565734d898619b207
- SHA1
  
  ab8b15998c7539e1188e933e982b981722cd7c6f
- SHA256
  
  00ff23ba6d7bfc7a70856c8ce9d57532f249509304ff29ae44330d24e3037c9a
- SHA512
  
  eb074b646c5a7a64c4a8a659d8df889d947378f7cf8288c10621f8e8517e0dbe58ef69094f7c85e31243808874e8ba519eaa753bb0f1e6f67d06bbd6d9eaabd9
- SSDEEP
  
  96:xoLp3RReSQGPltvv9bl6p1P2d8y94XPYnJm5K1FSNK7JZVj2ZCL:xSp3RRDQGbv9pJeyaPqxj2ZCL
Score

3^/10

execution
behavioral7
- Target
  
  Source/QtQuick/Controls/Styles/Desktop/GroupBoxStyle.qml
- Size
  
  3KB
- MD5
  
  15c012094c3ac552500def496b4af3be
- SHA1
  
  5a6db39e1933df3d176a0c0c4315dc10742706d6
- SHA256
  
  dbd7577badd47a8ba8514cf2c828a1f94760c01036502d404222b7b130b0785b
- SHA512
  
  a5dab128fcbb1063a6e04de6db69e8c68ca4982a4e3728cafbe422e179725bbe11ff79728213698bca80531d9d6ecac5c0856aad5cba5ebc91c8e635f5cfa831
Score

3^/10

execution
behavioral8
- Target
  
  Source/QtQuick/Controls/Styles/Desktop/MenuStyle.qml
- Size
  
  4KB
- MD5
  
  43a7f4baa434d103d0900827cfa4a34c
- SHA1
  
  f7b6249474188c20852915fd8a0f5a6b169b4fce
- SHA256
  
  bcbf8e2f09ee6942b3eb5c9b62bfbd9372ad4fa268296f69affed28b82c7a0be
- SHA512
  
  7e5edd9cf2f6e2a1888f10a9b86e05534995efa723a6d136403e97f4391fe94b84809745ca4485b0345767dd5d8ea887ba6f5a1d36ce4ac056669c4a7bc20e2a
- SSDEEP
  
  96:xoLp3RReSQGPlS2P7/X2odbTlFoZVkam6Ij3hl:xSp3RRDQGg2PTmSbTlckB3hl
Score

3^/10

execution
behavioral9
- Target
  
  Source/QtQuick/Controls/Styles/Desktop/SpinBoxStyle.qml
- Size
  
  5KB
- MD5
  
  890194f5a34c7be87fc63a9c2cbac3a2
- SHA1
  
  cad6742d1b91180eea7b3469399aedb16bc6184d
- SHA256
  
  0fc3de9199de8fc4b3ede9171e7f03c880756016124c9de5b31f8a6272ebf3b4
- SHA512
  
  df795a29401b61ac86968dbb604614216c4979c586d04812c5060d000720feb5fc94793c50c62ce9530a48fcdc1d84bd5db01b9b298ce59fced351193c9299d8
- SSDEEP
  
  96:xoLp3RReSQGPlUKztGsyrRyVn0xnSkX/3s0JKn8AL:xSp3RRDQGWzsyNXMJL
Score

3^/10

execution
behavioral10
- Target
  
  Source/QtQuick/Controls/Styles/Desktop/TreeViewStyle.qml
- Size
  
  2KB
- MD5
  
  e0aa379b2a0c01ba02d9dd128c74bfbb
- SHA1
  
  4e2005633527069eede98c33628428c358ce0c64
- SHA256
  
  1c645cda72e81f295d03fed5142c502651c9d5f0418788f5f3c53a5720c2351e
- SHA512
  
  28bf0f38bd956458655590f2abddc0a14ab80cd395f18b710c0c9e973ee1c033615302c94d0bb4906d711e82880db0239c3c81ea36845d8d882e1d38a1ee3502
Score

4^/10

execution
behavioral11
- Target
  
  Source/QtQuick/Controls/Styles/Flat/qtquickextrasflatplugin.dll
- Size
  
  814KB
- MD5
  
  8c16bb33c4dfde610edbc2228ecf5a21
- SHA1
  
  8c6561f46555228c4c75d412fefd5f998c0b1e02
- SHA256
  
  fb74f4049964c4242fa85ac9ae01771ee6f1698dc8e5638cce823c4561ccf5a9
- SHA512
  
  c7f37b88870c0db5c33de2c28bba0b26fe5c56aa73b07a9e502214d2d818d7ca27b605ba3f5282a7cf3f8632cbb3fe1165ad692d8841772faff02c0bcbeb67ce
- SSDEEP
  
  24576:4nygIwhCNoh+Ja9f9VhCNoh+5i9FrIJJpCNoh+75:mG2Ua//UioG5
Score

1^/10
behavioral12
- Target
  
  Source/QtQuick/Controls/TabView.qml
- Size
  
  10KB
- MD5
  
  518d7ce1bf34f9a48a0ad7055a5ad401
- SHA1
  
  d0d00961dc8a297a0be9d7f214e4c8890256bd5e
- SHA256
  
  345f25e31fb7e4106a5880b0a33d7d704ddd49c7656bf8ac8063ed61ffd16bb7
- SHA512
  
  0d44d17c163bd89ecc5ce7750b0bfbab56a376a448dee9ec4ba8f94fec5f305e35295eb770dcce01f7b705c94384f074819b8273b96c16a86ecd9f5df5c1a777
- SSDEEP
  
  192:xSp3RRDQG9Nkyty1yi1CQDmucP0fg979YfpwfxKt8kQx5by1XDDW8AgPOTa/GjS2:0kGPkyGGopBDfUCNLZo
Score

3^/10

execution
behavioral13
- Target
  
  Source/QtQuick/Controls/TableView.qml
- Size
  
  10KB
- MD5
  
  3a4996245c71e516d68566ed30de2239
- SHA1
  
  109c155175680109017c72aa8a4a7db69882e8e0
- SHA256
  
  6da3a4c8079bfaa848cc98d46c1e7a6dcff2be7ec355273220a1386d9215b9eb
- SHA512
  
  9fc11c9124adf97d15fecd11d8e61619c4b460bee9b674adcd519f5f0900167e596385e2fd95152113b7692aecf463a511748902686bac72930a2e6ff27ff304
- SSDEEP
  
  192:xSp3RRDQG2tfhaSIThbzAkoFjnM6ojACjc+jqiSCdjJjPjjy000YNxwCWj086jgG:0kG6ESI9bz+mltJxONmmVn
Score

3^/10

execution
behavioral14
- Target
  
  Source/QtQuick/Controls/TableViewColumn.qml
- Size
  
  6KB
- MD5
  
  e322f20e048d88ce920d95ee1442eb5c
- SHA1
  
  ba63dcbd765db8beda56f8d11f3e283b84b07855
- SHA256
  
  e6bc2ce248b268fe53d74e52b830929fb84c684d0e1c7a3e5c7347e1274536f4
- SHA512
  
  b383cc08485eae6f6f3653c7eec285c8af4c2e0b918790b6f1199201a0d94b714f9fa1ad4cb1db2c829d1a5167fa8b09803272daee2f12e9263ef8e24ec55dcc
- SSDEEP
  
  192:xSp3RRDQGY+gt7cbCZFRrsXMF1SmKANa1Q9iSCyu:0kGBIZPIUriP
Score

3^/10

execution
behavioral15
- Target
  
  Source/QtQuick/Controls/TextArea.qml
- Size
  
  34KB
- MD5
  
  49c43180e84c2c511be7ca6bf8165147
- SHA1
  
  6457d4d20e1147c35d17ac7e9778a8291be458c4
- SHA256
  
  accaefce99616f0485da074a78a20e6af80f5829adccf2f9f9103cad5c91b090
- SHA512
  
  d39571bb3f82c6fb332a06f0912ed8e3d9fe2d0193e4e075907d635b73fb96f94b8da7adde0c27734f1e20bb4d50b13ad8d3658cd6161f5306aaac69ebe974e5
- SSDEEP
  
  384:0kGuvtEdiGiunMPgVFHS1EngI+2d5GSy5Nt6Vyot+6M:pGulkvHS1462d54Nt6Vyot+6M
Score

3^/10

execution
behavioral16
- Target
  
  Source/QtQuick/Controls/TreeView.qml
- Size
  
  16KB
- MD5
  
  3bf0143ed69a2e7521a54377c9efed1f
- SHA1
  
  ac64441dd4ef8ef4d811558d4513b2a3aeac9ccc
- SHA256
  
  7db45e9d176a4ce936927f0d01deb0002bab08dbd711bf43021629a827c56bd3
- SHA512
  
  35ea5223d28830016538d3bfe421b3be1ab1d3fae8b7f6b44fcdc535078b7f8280c4298e528a248af7e40dfb1ffd281b523493f423dd9c375515346c2d79cb8a
- SSDEEP
  
  192:xSp3RRDQGwOotdfbODWGK4NbjgjgCzvEPSCPEVdjsUWxunzqjWnzjVCJvejeziTQ:0kGQbODW54NbcVvLrmOjtUv
Score

3^/10

execution
behavioral17
- Target
  
  Source/QtQuick/Controls/qtquickcontrolsplugin.dll
- Size
  
  334KB
- MD5
  
  4b4b2c4e39cd3598a83d2b9313cbf4b1
- SHA1
  
  86680c4750ea6d2239114a1e4854f3572197a101
- SHA256
  
  a212aba977712ce51c12e52627c546fb9a6bc117c0f22aabd5998fd118301540
- SHA512
  
  2cc86152ce3c2f8fe8bd1d2fe4d296ba1214763b4202a610a48861ffba6d4f23c718163881663ff3f8fd99d4c92fff23c87b1f8b7323f0006232f0afc4ebfb8f
- SSDEEP
  
  6144:qiRA/fpwq8GCN//9kMeyFtZLOTAGQJNkGSc9pOnPVVNV/ve:i/BwGCpKMeTJm
Score

1^/10
behavioral18
- Target
  
  Source/QtQuick/Layouts/qquicklayoutsplugin.dll
- Size
  
  112KB
- MD5
  
  2f52db73c4a8c7c0d83479ea9ce1f819
- SHA1
  
  37270fbea41aea4c81982f11504ff2837bec69e3
- SHA256
  
  1d34199aa759d18e7ca9a9ee64492c054ea7d3f002c73145d2475d4500ce003a
- SHA512
  
  00edf9d2d302a5782104488ec97e8f88811e6005e43d6ce555acd5c809f750b7eabfcb839993fa224a58918249d45ab597accc95099af2bc9136ad23478d6f31
- SSDEEP
  
  3072:h3ksi/JDSFm32Riu8tVAhkT23ajZ3AZP5:pkf2Fm327kT23ajZQ
Score

1^/10
behavioral19
- Target
  
  Source/QtQuick/Templates.2/qtquicktemplates2plugin.dll
- Size
  
  350KB
- MD5
  
  931244a4c4ade20276544e901d9394c2
- SHA1
  
  6dbaa7a41d2eecd52cf109313dde5b45fbfad63f
- SHA256
  
  39503974469f75fcd45e4fd183200732f21ad34c0191dd2716f954090d816299
- SHA512
  
  268e4f6c644347c8ee9e8b203133c73ff6a23378d753a780b430a2f32bc2c28a40cb0359b7f01cd0a5a9617d95941694014df526f00468a469b0aa34421aaaf6
- SSDEEP
  
  3072:dNuSeeKLS/7PCF8Qjr4zTvLCc8uKDVL/OqlK3C8ukinFqYEXoyU:OS3J0AjLu7K3Binae
Score

1^/10
behavioral20
- Target
  
  Source/QtQuick/Window.2/windowplugin.dll
- Size
  
  54KB
- MD5
  
  713bdabbfd0e381a90c1e46e95527070
- SHA1
  
  45855cfcede09e3b85eebd880529b068cb8d795a
- SHA256
  
  1c850162b33c8f7743f6de361f72158f26b090a661fc9ae69168a0b458104a50
- SHA512
  
  2d3714b05a7e6f6ef95be350c5183000e9619a8341765c4b152e38b2d04aedc6a6b8c1a369044dffaf1ef5f99048238b0e6ed9e973408f3e0d9188bc1cfa5968
- SSDEEP
  
  768:mgS/yHLT03HyXjlH0V3dq1x5v6IYiSOioEFiRG:Uss3SXl0tdEXSI7SOzeis
Score

1^/10
behavioral21
- Target
  
  Source/QtWebEngine/qtwebengineplugin.dll
- Size
  
  110KB
- MD5
  
  9f626dd98cb636307cfeb50447f54c29
- SHA1
  
  fc53e44c3b5427e36b273de34edf6d334b65f254
- SHA256
  
  6820a696d3eff3cd275b663fdb2bbad5dea7ac58010710b555589d1b6da8c35c
- SHA512
  
  230266b3cad9a14da5b9ffca8112260f6fdd5c4510e87b897c170dbe28992b8d50b720d049d079037ef5148dfb66d004caffc569e10c9d7268585846ab6e2d59
- SSDEEP
  
  768:9nrBZzBuHc05jKtdBe/bQNgf0fNTm/rrY++m9tYJlGkgVCb2UqYYiSNEFiRa:9rM5jrEgcIc++m9OJlGPCb2BY7SNeiw
Score

1^/10
behavioral22
- Target
  
  Source/QtWinExtras/qml_winextras.dll
- Size
  
  101KB
- MD5
  
  4af21827e45f56e2b9ef1213b1e26258
- SHA1
  
  e10895fedc91d5159fc3793f2780dda3a02d397e
- SHA256
  
  aa7fb78aada7c96fcc2142af9fc10a1a1ce3c6cd19ccfa2d5f719c93d38f6772
- SHA512
  
  6ed684a6d66fac27ad3f8733942c1bc0caf187274b8694b57f57208f1666d806844d0f4fce0b4a82c14d6d7957a60b7d1b1600dd3fe31bc01e8ff8cc7fa7f6a7
- SSDEEP
  
  1536:lfPwA3SUahFmUN17Rwu+d8J+oMlFM2JtMKeJ7Sheie:lfoA3in1dwuwlFlJtMKeJND
Score

1^/10
behavioral23
- Target
  
  Source/audio/qtaudio_wasapi.dll
- Size
  
  98KB
- MD5
  
  7274d6368417e6f2bf0d11868e9e7b9a
- SHA1
  
  ac119242eefb05b285b1cee611f86a131089ead4
- SHA256
  
  a705cfa2e1a19e6acb350119368f1f399e761d6ce0beac7e07b5ba60f8deeda7
- SHA512
  
  018c283a38f6ae67cd585bd2f7683b9cd9f2a83f980a12d46954eb579406cec35ab6bb9ca9245aad73ac8573356e0ecacdd98b95159aa3551da2ad86272fc7ae
- SSDEEP
  
  1536:YW2jp5E/yWU0hwb+/KcrAj/PH+THyTS/xU0g4/4FeHiHK3H1OETE2xj7SxeifhS:IN5ENwbMQ5gBTnj55
Score

1^/10
behavioral24
- Target
  
  Source/audio/qtaudio_windows.dll
- Size
  
  65KB
- MD5
  
  b64c09b33f37b87df1ce8d835de9d40c
- SHA1
  
  b773bb292cd0dc0e6083d269d37ab5377fc7a14e
- SHA256
  
  eec025b688ed82c9a86ce3cdb0cccc97e4321fc0299f893a4ee459468fc22e19
- SHA512
  
  bb1d40587e1001f345e1432f9097ac062b446ea4b1d0df4e057f453da66422a15a2f073ae4fdb69e87a9e7f17947a448a9ebf255182eb33bf5202595b3e63150
- SSDEEP
  
  1536:LnYcP2aziJKmySzYZM9+qjY14U7ScWei8:LD2amJKmzYZs+qjY14U7lx
Score

1^/10
behavioral25
- Target
  
  Source/imageformats/qgif.dll
- Size
  
  40KB
- MD5
  
  0b1c9399e0c843cb846eaded98c95b8d
- SHA1
  
  ebac00b027b9c7e87d5ecea5d12b02311985c531
- SHA256
  
  bb971257430771b93fea7ac9a708815167c0524bee9fa2e5ba4ed455c6f9b9d2
- SHA512
  
  76e8486437c44ce677d3560f4a67bf1f6258ee2a77a9293750aae4acbfbb7b74c4ccce9edd94bb3ed4809cc822dbf9ce2060226ef3ed8f2001be640fb5a7baf9
- SSDEEP
  
  768:pJVn+qBWnyz6rFm5xPFiyZlAcDTYiSsEFiR7zz:pLn+qsyz2A5xPFiyZPDT7Sseit/
Score

1^/10
behavioral26
- Target
  
  Source/imageformats/qico.dll
- Size
  
  40KB
- MD5
  
  8ec44d88ae4f50b81e862bd63ce63dcc
- SHA1
  
  0d3ae71778193c32584cd3cae87a8b132b34a1d5
- SHA256
  
  48bf27e41bc291e105649cab68c452b795bd45f2841ef0a57d95be9a05b4a0d5
- SHA512
  
  e49b11ce676e638b5083fbd41e4626a28c7641a2ff1ac2dc3bda3c2e0199e6d2a5784faf3f60c7467705c91712addbc89d75b5aaf3f767d773659e99f2a67cb5
- SSDEEP
  
  768:DYzlwXtYYal06/wBWKYVTVSReTSYiSE43KEFiR3:DHXtK04PKYVTVSReTS7SE4aeip
Score

1^/10
behavioral27
- Target
  
  Source/imageformats/qjpeg.dll
- Size
  
  609KB
- MD5
  
  d987845231298b1d4e618d5921122662
- SHA1
  
  57e739f18e793fb6834d62e03833a00ee3053bb7
- SHA256
  
  49b4174013c42cb9b600bd1a4eed00dca6629fd23415888491372d5ef3631a40
- SHA512
  
  0685f59f08313712ab21c06bdef2b2ddc84f2dd25bd4cc5e010acc615c387fd06e3d24c8b0ca4ecbcd3d20bc1a1ad6c8af90ff8397ac0b0e821318ce64fe81c9
- SSDEEP
  
  12288:qhHqwIBfyMFPHdNuZTEQTdMqYStXhjIyk2xjNXoW8yl75DesKwzJVXOU6o/pDV8f:qhHmdVHd6S
Score

1^/10
behavioral28
- Target
  
  Source/imageformats/qsvg.dll
- Size
  
  34KB
- MD5
  
  b496d40dee742690f456547459ac29f4
- SHA1
  
  1e09f7fd27aab8365d405a38f66876fa90f6c049
- SHA256
  
  e87918ccb5e7728694224d5917a7dd194a719c0398926719d520ceef45fc8d8b
- SHA512
  
  4d292f119252b1eeb63bae4d1567c0fc0417b4726ee6aa675651d15ca40c76065cd60e3ed8b3dd766c9d3aa1bced82c6c0faa683ac923b4b3fecdedd4ef126c0
- SSDEEP
  
  384:Oc3lTkoQUHMfnA7rzxsHGz58X2e2A5SXXzOPpzVkNv1vTQIYivacXwK5uGoGCJE0:51HMA1ssReUXWz2v1vT5YiSs+EFiRr
Score

1^/10
behavioral29
- Target
  
  Source/imageformats/qwebp.dll
- Size
  
  382KB
- MD5
  
  969cb040c642626b5f5c80cce081415a
- SHA1
  
  5d89753054515df2c972db8ee70d9e99d62ba30b
- SHA256
  
  9ab90d4715ddc08940db3ac1c7fe09e92cbaafb58224155bf1b7b9797356c821
- SHA512
  
  aa19a5ca6f9c225bec4ada72370580771310b90f24f98ff3d15dd810090cee95e105ba17510d46fefa7ada1d21f6ad32473494bfd5db635d8b2b0ebab7bf5443
- SSDEEP
  
  6144:ZgbPqSC/ddgtk65LXHlsRyz85829tKWEwy+5HwVpyK58dDjM:Zg6dP6VkW2vbQcd/M
Score

1^/10
behavioral30
- Target
  
  Source/platforms/qwindows.dll
- Size
  
  1.4MB
- MD5
  
  c19c43f744c3a6eba606287b757999c9
- SHA1
  
  49269ea2fc2d987684d5de55cc2ad8005ff6aaa7
- SHA256
  
  34b4e25c6108e844867b049f57c490a6be305380d935811a7b81c9842137eb5d
- SHA512
  
  b3a0e9da7067569d5a34bcd79e86166e356311dbfba85fb556df0ab546dfed58cc74e8575956034ee90d5a58fc024e219d89dbc9dba1435d98194f9e5139abe2
- SSDEEP
  
  24576:9z0xsjYMYt9QfoI2wHcSwKSCjQzQVoV/fkkHDRZT4ZZJgIsnyECqnQ1h:5jYMYPgo7w8SwKSlqkxHrq
Score

1^/10
behavioral31
- Target
  
  Source/styles/qwindowsvistastyle.dll
- Size
  
  143KB
- MD5
  
  eec9a836034504337482df3dcead9cdd
- SHA1
  
  53fe236465d5a35dedc64512e4014179561c1217
- SHA256
  
  a72d0573a8d135e635480a9d96fe34b2710e6b159e65bb0a47fd2ea09ea008ac
- SHA512
  
  a8ae5f93ed3a578320b8651289c1f4d0b783fb0f00f5161c2be685712400cadc049a0c69594574a13192991a1f8b6e289b5613dfe6d8ed2546cfb12edf663634
- SSDEEP
  
  3072:vKqJOo7oodkDFNwgoO+s+VHqa/MFWxmqd0SvJMPVnV:CS5kJlza/MFWxmqd0SvJk
Score

1^/10
behavioral32

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

xmrig

Identifies VirtualBox via ACPI registry values (likely anti-VM)

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Creates new service(s)

Stops running service(s)

Checks BIOS information in registry

Executes dropped EXE

Themida packer

UPX packed file

Checks whether UAC is enabled

Power Settings

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32