Overview

overview

10

Static

static

1

WLL.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WLL.exe

  • Size

    237.5MB

  • Sample

    230314-x98y8ahe45

  • MD5

    45c3c92e8c6dfc181a7954255f330639

  • SHA1

    25015fd40b77d04fcabc8061f6f3bbfb5b624f51

  • SHA256

    ff02e3eb4835a210fc2271ad923a256c01cdedcb5c8f26fa228b0536334275e2

  • SHA512

    eb4d0865217248101257046be94c5c21f9331e8503f16b0fc3cf7fc5a9aeed2bf3a394d00c7bf6d7e893cfb8f99573021e456ab2f3d310f1d02a3ab44a3e31d8

  • SSDEEP

    6291456:UkLq2Dv22k5kMnkdOWKhXt9Xld9wqyxTi80VEcZ/GY:XLq+dghXt9Vd3yxtng

Score
10/10
lummastealer

Malware Config

Targets

    • Target

      WLL.exe

    • Size

      237.5MB

    • MD5

      45c3c92e8c6dfc181a7954255f330639

    • SHA1

      25015fd40b77d04fcabc8061f6f3bbfb5b624f51

    • SHA256

      ff02e3eb4835a210fc2271ad923a256c01cdedcb5c8f26fa228b0536334275e2

    • SHA512

      eb4d0865217248101257046be94c5c21f9331e8503f16b0fc3cf7fc5a9aeed2bf3a394d00c7bf6d7e893cfb8f99573021e456ab2f3d310f1d02a3ab44a3e31d8

    • SSDEEP

      6291456:UkLq2Dv22k5kMnkdOWKhXt9Xld9wqyxTi80VEcZ/GY:XLq+dghXt9Vd3yxtng

    Score
    10/10
    lummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks