Overview

overview

10

Static

static

3

Renz Client.exe

windows7-x64

3

Renz Client.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Renz Client.exe

  • Size

    950KB

  • Sample

    240703-jlh61atbrg

  • MD5

    d558d404080f9d44ce440d6783140f54

  • SHA1

    614b2ef8b9ae235281361033263f3c105b0fa250

  • SHA256

    28d1fde37c29dffc998ae4b22da6fe8dababe746b440aa17cdae45a6372ab16c

  • SHA512

    f732bbb2c0644797509905e56aff2d7840af7fd190818531d2d7ba61c10e2f97eb9c0825e4c8d9b64035bfba39de072f5389b5ffa1d972c4316096958f05033e

  • SSDEEP

    24576:5KdodQCtwExZxOFyyUF73GE7mRSSUQH5np1eOURJ8sGUM:dwExZxOFVXMmR9rnfEYsnM

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://piedsiggnycliquieaw.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Targets

    • Target

      Renz Client.exe

    • Size

      950KB

    • MD5

      d558d404080f9d44ce440d6783140f54

    • SHA1

      614b2ef8b9ae235281361033263f3c105b0fa250

    • SHA256

      28d1fde37c29dffc998ae4b22da6fe8dababe746b440aa17cdae45a6372ab16c

    • SHA512

      f732bbb2c0644797509905e56aff2d7840af7fd190818531d2d7ba61c10e2f97eb9c0825e4c8d9b64035bfba39de072f5389b5ffa1d972c4316096958f05033e

    • SSDEEP

      24576:5KdodQCtwExZxOFyyUF73GE7mRSSUQH5np1eOURJ8sGUM:dwExZxOFVXMmR9rnfEYsnM

    Score
    10/10
    lummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks