lumma | d34079b3653d3e9dd02243c8023c1bcc56fcf8ec736d2fae0cabf316d3159fd5 | Triage

Submit
Reports

Overview

overview

Static

static

1

YoudaoDictSetup.exe

windows7-x64

YoudaoDictSetup.exe

windows10-2004-x64

7

Sharing

General

Target

YoudaoDictSetup.exe
Size

97.8MB
Sample

230313-gw8hjagg97
MD5

6851728f39fd719cec8c2eee551d941e
SHA1

c63c9ab520598bd66ffbb3ef507e49558e0c0fd5
SHA256

d34079b3653d3e9dd02243c8023c1bcc56fcf8ec736d2fae0cabf316d3159fd5
SHA512

5bfe296b0a81065ccbb716bc37f4ccd11e8deb819763d07adb49342ed19670316a2766a1d5ded65ff56be58efa9585506d29069a1d2f9a1250a2ee1b5a9eaa7e
SSDEEP

3145728:UqMak7c+EtNngenOOZHQXvqlQ8iA1X6tSiIRys0:wAPtlxR2aQ8NN6teyT

Score

10^/10

lumma discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

YoudaoDictSetup.exe

Resource

win7-20230220-en

lumma discovery persistence stealer

windows7-x64

17 signatures

1800 seconds

Behavioral task

behavioral2

Sample

YoudaoDictSetup.exe

Resource

win10v2004-20230221-en

windows10-2004-x64

2 signatures

1800 seconds

Malware Config

Targets

- Target
  
  YoudaoDictSetup.exe
- Size
  
  97.8MB
- MD5
  
  6851728f39fd719cec8c2eee551d941e
- SHA1
  
  c63c9ab520598bd66ffbb3ef507e49558e0c0fd5
- SHA256
  
  d34079b3653d3e9dd02243c8023c1bcc56fcf8ec736d2fae0cabf316d3159fd5
- SHA512
  
  5bfe296b0a81065ccbb716bc37f4ccd11e8deb819763d07adb49342ed19670316a2766a1d5ded65ff56be58efa9585506d29069a1d2f9a1250a2ee1b5a9eaa7e
- SSDEEP
  
  3145728:UqMak7c+EtNngenOOZHQXvqlQ8iA1X6tSiIRys0:wAPtlxR2aQ8NN6teyT
Score

10^/10

lumma discovery persistence stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummadiscoverypersistencestealer

behavioral2

© 2018-2024

Terms | Privacy