General

  • Target

    WeMod-Setup.exe

  • Size

    141KB

  • Sample

    230319-x56nasbh5s

  • MD5

    b6e5acac13e4f7695bf826e68366368b

  • SHA1

    454af45810cbb6545800966ff5f91e73112cbf9a

  • SHA256

    3eff67f0b703c5c7602b29469005ea1b9f20c8899473b45a2c02ef9c229dfa0e

  • SHA512

    18e38603d34f715ba6f3db2ed5e79a2126c10379e024c20058a3ef1eb7f961bdb69c0e7df7fedf03e9787fb6819028e980414aff11ea324ec62ad4264e8ec362

  • SSDEEP

    3072:Bojm4ILlCI+4COHCyhaEtHZkOpk97oc4ILlCI+4TOHHSafx:Bd+bwaEtHLhiHt

Score
10/10
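The hashes above are the report's indicators for this file. The following script is an added example (not part of the sandbox report) that checks a local file against them and applies the same "MZ/PE" header test the behaviour signature below refers to. The only data taken from the page is the four hash values; the stub file the demo writes is constructed and is not the malware.

```python
"""Check a local file against the hashes reported for WeMod-Setup.exe.

Added example, not part of the sandbox report. Standard library only.
The demo hashes a constructed MZ/PE stub, so it will (correctly) report
that the stub does not match the sample.
"""
import hashlib
import os
import struct
import tempfile

# Hash values exactly as the report lists them for WeMod-Setup.exe (141KB).
REPORTED = {
    "md5": "b6e5acac13e4f7695bf826e68366368b",
    "sha1": "454af45810cbb6545800966ff5f91e73112cbf9a",
    "sha256": "3eff67f0b703c5c7602b29469005ea1b9f20c8899473b45a2c02ef9c229dfa0e",
    "sha512": "18e38603d34f715ba6f3db2ed5e79a2126c10379e024c20058a3ef1eb7f961bd"
              "b69c0e7df7fedf03e9787fb6819028e980414aff11ea324ec62ad4264e8ec362",
}


def _new_digests():
    return {name: hashlib.new(name) for name in REPORTED}


def hash_bytes(data):
    """md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    digests = _new_digests()
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path, chunk_size=1 << 16):
    """Same digests for a file on disk, read in chunks so a large sample
    never has to be held in memory."""
    digests = _new_digests()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def is_pe(data):
    """True if data starts with an MZ header whose e_lfanew field (offset
    0x3C) points at a 'PE\\0\\0' signature, i.e. the 'MZ/PE file' the
    report's download signature refers to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def match_report(path):
    """Compare every reported hash with the file.

    Returns (all_match, {algorithm: actual_digest for each mismatch}).
    Checking all four catches a report copied with one truncated value."""
    actual = hash_file(path)
    mismatches = {n: actual[n] for n in REPORTED if actual[n] != REPORTED[n].lower()}
    return (not mismatches, mismatches)


def build_pe_stub():
    """Constructed placeholder: 0x80 bytes with a valid MZ/PE skeleton."""
    buf = bytearray(0x80)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


def demo():
    """Write the stub to a temp dir, hash it, compare with the report."""
    with tempfile.TemporaryDirectory() as tmp:
        stub = os.path.join(tmp, "stub.exe")
        with open(stub, "wb") as fh:
            fh.write(build_pe_stub())
        return match_report(stub)


if __name__ == "__main__":
    ok, bad = demo()
    print("stub has PE header:", is_pe(build_pe_stub()))
    print("stub matches report:", ok, "| differing hashes:", sorted(bad))
```

Point `match_report()` at a real file to see whether it is this sample; SSDEEP is not included because it needs the ssdeep library rather than hashlib.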

Targets

    • Target

      WeMod-Setup.exe

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall key entries in the registry.
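The signatures above are what a sandbox raises when it sees certain API calls. As an added example (not part of the report and not the sandbox's own signature engine), the script below maps a process API trace onto the same signature names. The registry paths it keys on are standard Windows locations (the Geo\Nation value holding the configured country, and the CurrentVersion\Uninstall keys listing installed software); that this sample touches exactly those paths is an assumption, since the report only says "country code" and "Uninstall key entries". The trace and the signature-to-technique mapping are constructed for the demo.

```python
"""Classify a process API trace into the behaviour signatures the report lists.

Added example, not the sandbox's own logic. TRACE is constructed; nothing in
it comes from the real sample's run. Registry paths are standard Windows
locations and are an assumption about what the sample reads.
"""
import re
from collections import defaultdict

# Constructed trace, one call per line: "<pid> <api> <argument>".
TRACE = [
    "1234 RegQueryValueExW HKCU\\Control Panel\\International\\Geo\\Nation",
    "1234 RegOpenKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1234 RegEnumKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1234 RegSetValueExW HKCU\\Software\\ExampleVendor\\LastRun",
    "1234 CreateFileW C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
    "1234 CreateFileW C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll",
    "1234 CreateProcessW C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
    "5678 LoadLibraryW C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll",
    "5678 CreateProcessW C:\\Windows\\System32\\cmd.exe",
]

# Signature name as the report prints it -> ATT&CK v6 technique IDs.
# Which signature feeds which ID is this example's assumption; the IDs
# themselves are the three the report's matrix shows.
ATTACK = {
    "Checks computer location settings": {"T1012", "T1082"},
    "Checks installed software on the system": {"T1012", "T1082"},
    "Modify Registry": {"T1112"},
    "Executes dropped EXE": set(),
    "Loads dropped DLL": set(),
}

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s+(.*)$")


def parse(trace):
    """Yield (pid, api, argument) for each well-formed trace line."""
    for line in trace:
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)


def classify(trace):
    """Return {signature: [evidence arguments]} for every signature that fired.

    'Dropped' is approximated as any path seen in CreateFileW earlier in the
    trace; a real engine would check the creation disposition and the writer."""
    hits = defaultdict(list)
    dropped = set()
    for pid, api, arg in parse(trace):
        low = arg.lower()
        if api.startswith("RegQueryValue") and "\\international\\geo\\" in low:
            hits["Checks computer location settings"].append(arg)
        elif (api.startswith(("RegOpenKey", "RegEnumKey", "RegQueryValue"))
              and "\\currentversion\\uninstall" in low):
            hits["Checks installed software on the system"].append(arg)
        elif api.startswith(("RegSetValue", "RegDeleteValue", "RegCreateKey")):
            hits["Modify Registry"].append(arg)
        elif api == "CreateFileW":
            dropped.add(low)
        elif api == "CreateProcessW" and low in dropped:
            hits["Executes dropped EXE"].append(arg)
        elif api.startswith("LoadLibrary") and low in dropped:
            hits["Loads dropped DLL"].append(arg)
    return dict(hits)


def techniques(hits):
    """Collapse fired signatures to the set of ATT&CK IDs they map to."""
    return set().union(*(ATTACK.get(sig, set()) for sig in hits))


if __name__ == "__main__":
    fired = classify(TRACE)
    for sig, evidence in fired.items():
        print(f"{sig}: {len(evidence)} hit(s)")
    print("ATT&CK:", sorted(techniques(fired)))
```

The cmd.exe launch in the trace is deliberately not flagged: "Executes dropped EXE" only fires for a binary the traced processes created themselves, which is the distinction that separates a downloader from ordinary installer behaviour.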

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112), 1 matched signature

  • Discovery

    Query Registry (T1012), 3 matched signatures

    System Information Discovery (T1082), 3 matched signatures
