Overview

overview

10

Static

static

3

s1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    s1.exe

  • Size

    21.3MB

  • Sample

    240704-z4awcazajp

  • MD5

    1e02feadcf0565bc636fe2b48580c133

  • SHA1

    aee73dc45371a50878556201cb13fce4923bcb47

  • SHA256

    34656ef1ee64ca950ce6c85c4b8ca9977febd3f67c990b940cd960860881a634

  • SHA512

    99e0aac648e3904b45c35b6bc3ca44af5b461e95f3ce746e8dfd6937e259f3d052847710659f8880642438bfa8197c8800723f32f8efa0e5e3bf261ce62db77a

  • SSDEEP

    98304:/V7/kWotzffMGgFsud1ustuSJQozcgO/B8Px3DwGVMbalzWayZ1Ex3kmivUQe0I4:StzffMbsWnQoxucxDwGjXJx0TUD

Score
10/10
lummaspywarestealer

Malware Config

Extracted

Family

lumma

C2

https://nobledpcowep.shop/api

Targets

    • Target

      s1.exe

    • Size

      21.3MB

    • MD5

      1e02feadcf0565bc636fe2b48580c133

    • SHA1

      aee73dc45371a50878556201cb13fce4923bcb47

    • SHA256

      34656ef1ee64ca950ce6c85c4b8ca9977febd3f67c990b940cd960860881a634

    • SHA512

      99e0aac648e3904b45c35b6bc3ca44af5b461e95f3ce746e8dfd6937e259f3d052847710659f8880642438bfa8197c8800723f32f8efa0e5e3bf261ce62db77a

    • SSDEEP

      98304:/V7/kWotzffMGgFsud1ustuSJQozcgO/B8Px3DwGVMbalzWayZ1Ex3kmivUQe0I4:StzffMbsWnQoxucxDwGjXJx0TUD

    Score
    10/10
    lummaspywarestealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks