Overview

overview

10

Static

static

1

e7cf16e7e4...e7.exe

windows7-x64

10

e7cf16e7e4...e7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e7cf16e7e4fac1aafb98e10b36c5b129df9a372d03bdebcc5cb77f7bb1139be7.zip

  • Size

    273KB

  • Sample

    230321-r1gwgsdd2t

  • MD5

    b7f0f33612ab29df3735dcfb45ca6c29

  • SHA1

    1465d5d90239a509f854278c83fa8a7768fd5540

  • SHA256

    64b5712a8c70246666bb8f150afc104a213b5847f762819d0418dbc10d6fa4f2

  • SHA512

    4197c84fcb46f3798f4b40eff315a415e98c5cf169399abceb2634df6873d8dbc14d9eeee0129be715f192f22de4f5f1bb71dc966becabbfde849d5c7dc3b264

  • SSDEEP

    6144:C/pHW5Bl6X6EwqodODdGRXWdDDCVThbhMsuCMDsvembce6EOXD:C/8Blc6mGOYRXWitNMLBsmmbce6Es

Score
10/10
lummaspywarestealer

Malware Config

Extracted

Family

lumma

C2

45.9.74.78

Targets

    • Target

      e7cf16e7e4fac1aafb98e10b36c5b129df9a372d03bdebcc5cb77f7bb1139be7.exe

    • Size

      1.7MB

    • MD5

      b329525d2d62f10d7a8fdb25bb9d9a43

    • SHA1

      43190e85312bd69cda8c094a0085ea188832bbbc

    • SHA256

      e7cf16e7e4fac1aafb98e10b36c5b129df9a372d03bdebcc5cb77f7bb1139be7

    • SHA512

      053f1ff542bf1ac0bbbfc4f320c62cc5b63092f7ff0b882c0d7d8bf7b3a3609c42b817d2d527f9f8841035d5883eea91676b93fbc60779d68d119ee1e1460ad1

    • SSDEEP

      6144:8GeEeHycW2dJDPEu0asM763jnJioXhbDJOTulPkkKeYBtEloF:

    Score
    10/10
    lummastealerspyware

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks