lumma | 170e174a0818f7dc9a2827203fa9984fb5cbf40fe89075209ef603921e422ac0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

170e174a0818f7dc9a2827203fa9984fb5cbf40fe89075209ef603921e422ac0
Size

207KB
Sample

230115-sdfwcagc32
MD5

2629d882824682177464316e08824077
SHA1

da1863d4aff251dba95f4946b415a9121d6e2293
SHA256

170e174a0818f7dc9a2827203fa9984fb5cbf40fe89075209ef603921e422ac0
SHA512

7af0d515f89ace2b0daa15c3a7e7d0aeedf4d54f060a844cdd7b166dcc00ad86e759576e95db825f66ecbcba769f165b6ba45f37ad886296ffa2932a82a9a9ab
SSDEEP

3072:vXq0Xp3Xj7I5DJQm5CaEdM2Eqdmr/asXxSynRYei:fBjieachdo/DXxdRY

Score

10^/10

lumma collection discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

170e174a0818f7dc9a2827203fa9984fb5cbf40fe89075209ef603921e422ac0.exe

Resource

win10-20220812-en

lumma collection discovery persistence spyware stealer

windows10-1703-x64

30 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

77.73.134.68

Targets

- Target
  
  170e174a0818f7dc9a2827203fa9984fb5cbf40fe89075209ef603921e422ac0
- Size
  
  207KB
- MD5
  
  2629d882824682177464316e08824077
- SHA1
  
  da1863d4aff251dba95f4946b415a9121d6e2293
- SHA256
  
  170e174a0818f7dc9a2827203fa9984fb5cbf40fe89075209ef603921e422ac0
- SHA512
  
  7af0d515f89ace2b0daa15c3a7e7d0aeedf4d54f060a844cdd7b166dcc00ad86e759576e95db825f66ecbcba769f165b6ba45f37ad886296ffa2932a82a9a9ab
- SSDEEP
  
  3072:vXq0Xp3Xj7I5DJQm5CaEdM2Eqdmr/asXxSynRYei:fBjieachdo/DXxdRY
Score

10^/10

lumma collection discovery persistence spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummacollectiondiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy