lumma | 8ddb8e92032cbe0758431e0866b6bee6426e2f6422d3b00b26cb03c4f213785f | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

7

winprofile

windows10-1703-x64

Sharing

General

Target

8ddb8e92032cbe0758431e0866b6bee6426e2f6422d3b00b26cb03c4f213785f
Size

6.4MB
Sample

240704-2l36aawapg
MD5

5050f9bc5d4a4cec3d2c08ed24480a10
SHA1

c3edc7c64810ece5a5fd4b9bc082b1f4dac7bf7f
SHA256

8ddb8e92032cbe0758431e0866b6bee6426e2f6422d3b00b26cb03c4f213785f
SHA512

2f62f4cba6a76681a0ecbb9977120978369ccd8bd2089227d1c581e30c190441f50f5561307eea737a28f625092287c6a6a0eaa924421d8789a72197d83062e6
SSDEEP

98304:6qwBqwWpcCHgb9m429vfTbDJgAWdWikDIyx2yR1OcS/7yMimxwnpyYOF8:6qwBqw16I9evL9Zik0k20wGnOa

Score

10^/10

lumma discovery spyware stealer vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8ddb8e92032cbe0758431e0866b6bee6426e2f6422d3b00b26cb03c4f213785f.exe

Resource

win7-20240220-en

windows7-x64

6 signatures

300 seconds

Behavioral task

behavioral2

Sample

8ddb8e92032cbe0758431e0866b6bee6426e2f6422d3b00b26cb03c4f213785f.exe

Resource

win10-20240404-en

lumma discovery spyware stealer vmprotect

windows10-1703-x64

9 signatures

300 seconds

Malware Config

Extracted

Family

lumma

C2

https://foodypannyjsud.shop/api

Targets

- Target
  
  8ddb8e92032cbe0758431e0866b6bee6426e2f6422d3b00b26cb03c4f213785f
- Size
  
  6.4MB
- MD5
  
  5050f9bc5d4a4cec3d2c08ed24480a10
- SHA1
  
  c3edc7c64810ece5a5fd4b9bc082b1f4dac7bf7f
- SHA256
  
  8ddb8e92032cbe0758431e0866b6bee6426e2f6422d3b00b26cb03c4f213785f
- SHA512
  
  2f62f4cba6a76681a0ecbb9977120978369ccd8bd2089227d1c581e30c190441f50f5561307eea737a28f625092287c6a6a0eaa924421d8789a72197d83062e6
- SSDEEP
  
  98304:6qwBqwWpcCHgb9m429vfTbDJgAWdWikDIyx2yR1OcS/7yMimxwnpyYOF8:6qwBqw16I9evL9Zik0k20wGnOa
Score

10^/10

vmprotect lumma discovery spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

lummadiscoveryspywarestealervmprotect

© 2018-2024

Terms | Privacy