lumma | 1d6b7413e684f70103aca0e6b259dda9728c2d7b8ce2c07d6068232e6a26aba8 | Triage

Submit
Reports

Overview

overview

Static

static

1

pcworldx64...xe.lnk

windows7-x64

8

pcworldx64...xe.lnk

windows10-2004-x64

Sharing

General

Target

1d6b7413e684f70103aca0e6b259dda9728c2d7b8ce2c07d6068232e6a26aba8.rar
Size

10.0MB
Sample

230322-dcrh5aee48
MD5

42ba5580d4769cc04927cb87d6e8741f
SHA1

609b0876f2aebf4305af89f328cf5cd1acc1d5f4
SHA256

1d6b7413e684f70103aca0e6b259dda9728c2d7b8ce2c07d6068232e6a26aba8
SHA512

7e2b76755368e0edcae366bcfb49964fb1d9dbaf7de7d2fede457e68804ad3038184f1ebab6d2b2fc1a403515d836f9a69d022a1a21a15f0fc91b30a46d07f89
SSDEEP

196608:lR6krlqiwUpcED67rIBxn4UxYu9kWj9jZSajmL+A3LXFwrrnPGm9Mz0Q:lR6krlsW7BBtquz9SajmLHKrjGmLQ

Score

10^/10

lumma evasion persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

pcworldx64installer/Setup_x64.exe.lnk

Resource

win7-20230220-en

evasion persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

pcworldx64installer/Setup_x64.exe.lnk

Resource

win10v2004-20230220-en

lumma evasion persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  pcworldx64installer/Setup_x64.exe.lnk
- Size
  
  1KB
- MD5
  
  b1b6eb2189e0f3d7ecfea63baafca452
- SHA1
  
  af279896cf4ec2c487e5599759cee19bdd0d84b6
- SHA256
  
  0bbeb529931ee10f4cde96b33689c45b0406b3b33a55d4a0341fac2e67749b55
- SHA512
  
  b1dbf2144f13d08b7a62a7fc24681f6c8c324b56eb4048da64836ab2d83efed80c80acc9f06e44de02ddcdb31a4eefa9f244447b128d1d73cacf583eb17f66a2
Score

10^/10

evasion persistence lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

lummaevasionpersistencespywarestealer

© 2018-2024

Terms | Privacy