Overview

overview

10

Static

static

1

pcworldx64...xe.lnk

windows7-x64

8

pcworldx64...xe.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d6b7413e684f70103aca0e6b259dda9728c2d7b8ce2c07d6068232e6a26aba8.rar

  • Size

    10.0MB

  • Sample

    230322-dcrh5aee48

  • MD5

    42ba5580d4769cc04927cb87d6e8741f

  • SHA1

    609b0876f2aebf4305af89f328cf5cd1acc1d5f4

  • SHA256

    1d6b7413e684f70103aca0e6b259dda9728c2d7b8ce2c07d6068232e6a26aba8

  • SHA512

    7e2b76755368e0edcae366bcfb49964fb1d9dbaf7de7d2fede457e68804ad3038184f1ebab6d2b2fc1a403515d836f9a69d022a1a21a15f0fc91b30a46d07f89

  • SSDEEP

    196608:lR6krlqiwUpcED67rIBxn4UxYu9kWj9jZSajmL+A3LXFwrrnPGm9Mz0Q:lR6krlsW7BBtquz9SajmLHKrjGmLQ

Score
10/10
lummaevasionpersistencespywarestealer

Malware Config

Targets

    • Target

      pcworldx64installer/Setup_x64.exe.lnk

    • Size

      1KB

    • MD5

      b1b6eb2189e0f3d7ecfea63baafca452

    • SHA1

      af279896cf4ec2c487e5599759cee19bdd0d84b6

    • SHA256

      0bbeb529931ee10f4cde96b33689c45b0406b3b33a55d4a0341fac2e67749b55

    • SHA512

      b1dbf2144f13d08b7a62a7fc24681f6c8c324b56eb4048da64836ab2d83efed80c80acc9f06e44de02ddcdb31a4eefa9f244447b128d1d73cacf583eb17f66a2

    Score
    10/10
    evasionpersistencelummaspywarestealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks