Overview

overview

10

Static

static

1

Lutrix.exe

windows7-x64

10

Lutrix.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lutrix.exe

  • Size

    4.5MB

  • Sample

    230310-2vbsdshe2v

  • MD5

    8a0dfeea924d5faf4025d9ac7aa393a4

  • SHA1

    1da14c08a5f6c6b7efc4ddf4ba8087de7578c1e4

  • SHA256

    2c329e073c0332b62859ee25d3953388d521961a5731d43633a948459c2a80fc

  • SHA512

    b4b752d2b16616f62074890ed5483f5944cf5d578ba5d802da2eafa1c550e2595e87245ad91d93ec7a7401980efe885065f08d5e58d41889778c08b52c978361

  • SSDEEP

    49152:jjk7QkVV6AtEz7BYU8+/391+SUAx5lPqy4U/m4HccJYAYbEr8vzTwSgO79Ku:jjk7StYUjvllq4/mZ1AYbEr8F

Score
10/10
lummaspywarestealer

Malware Config

Extracted

Family

lumma

C2

45.9.74.78

Targets

    • Target

      Lutrix.exe

    • Size

      4.5MB

    • MD5

      8a0dfeea924d5faf4025d9ac7aa393a4

    • SHA1

      1da14c08a5f6c6b7efc4ddf4ba8087de7578c1e4

    • SHA256

      2c329e073c0332b62859ee25d3953388d521961a5731d43633a948459c2a80fc

    • SHA512

      b4b752d2b16616f62074890ed5483f5944cf5d578ba5d802da2eafa1c550e2595e87245ad91d93ec7a7401980efe885065f08d5e58d41889778c08b52c978361

    • SSDEEP

      49152:jjk7QkVV6AtEz7BYU8+/391+SUAx5lPqy4U/m4HccJYAYbEr8vzTwSgO79Ku:jjk7StYUjvllq4/mZ1AYbEr8F

    Score
    10/10
    lummastealerspyware

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks