Overview

overview

10

Static

static

10

35da3c297e...7d.exe

windows7-x64

10

35da3c297e...7d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    35da3c297e61921f3937ac550fcbcbb6e8b8332933112b5b5a5c994c5ae1127d.zip

  • Size

    3.4MB

  • Sample

    230321-r1fy7abc54

  • MD5

    e96d41c5a7ff3b63583518b3eb8dddd5

  • SHA1

    455e7b1f3acaff715454211549e1643b68879b30

  • SHA256

    e76d951971518c981ddf72654abf7c10c658fe6edd603969613a2845ec341a5c

  • SHA512

    8ffaca69df4268342ee781bb83d5a23f3072a26b240caf1746acd232a9f7b920c9595c544f16ec5c9a89aabccf53fef009f8005a539033fca955563d44cf40f2

  • SSDEEP

    98304:1Ils8tOYPprWFVFVJa98rGwN1q2XE59ilU:1IlsChreFVJaZwNceE5UK

Score
10/10
lummaspywarestealer

Malware Config

Extracted

Family

lumma

C2

82.118.23.50

Targets

    • Target

      35da3c297e61921f3937ac550fcbcbb6e8b8332933112b5b5a5c994c5ae1127d.exe

    • Size

      6.6MB

    • MD5

      3beca7c27060ec4d5b08447c9485b6e5

    • SHA1

      bd5f951c3e4439a07fe9ae592521515662a3f897

    • SHA256

      35da3c297e61921f3937ac550fcbcbb6e8b8332933112b5b5a5c994c5ae1127d

    • SHA512

      d1a25b374ff1ae0992b76aa413947612f964b3fe3fc783b8c02586cabc240de7c80735d0f802776751eabdfcdd71a1fe50423627f1e3259c28a366a852515558

    • SSDEEP

      98304:WWpMCfGPcv+y18rNBI4FKn9XBD3qt2Rnrtx:WkHAtnQ953qt2

    Score
    10/10
    lummastealerspyware

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks