lumma | 7770460af723b96b885cdc0e7b1e8a53de94b09803a56b75f4428bc124ec05ca | Triage

Submit
Reports

Overview

overview

Static

static

1

MSlAfterbu...tN.exe

windows7-x64

MSlAfterbu...tN.exe

windows10-2004-x64

Sharing

General

Target

MSlAfterburnerSetN.zip
Size

55.0MB
Sample

230322-shlbmabd7x
MD5

288b46fe66cad2554a782285d50e2512
SHA1

b24b3df8be13eb43cb8d0ac93557b3d1d543dc99
SHA256

7770460af723b96b885cdc0e7b1e8a53de94b09803a56b75f4428bc124ec05ca
SHA512

36315b8bd14676a3573bcf54437710418c30aacf4e4586b4ec8d3f42348f24009ba990dde5a6cb4590985e91816a5292ef672f4857d2f0ee8d59a4562322da32
SSDEEP

98304:fsSpI4iC3g1IbC9I568h4aKr0ftYy4upRDLdJk:fsv4iTXlFwftYy4A5Lr

Score

10^/10

lumma discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

MSlAfterburnerSetN.exe

Resource

win7-20230220-en

lumma discovery spyware stealer

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

MSlAfterburnerSetN.exe

Resource

win10v2004-20230220-en

lumma discovery spyware stealer

windows10-2004-x64

7 signatures

300 seconds

Malware Config

Targets

- Target
  
  MSlAfterburnerSetN.exe
- Size
  
  1106.2MB
- MD5
  
  6572cd67de5dbb17be10850fa2f3d03d
- SHA1
  
  64173e285196815b7c13e5e773fef93702a8a770
- SHA256
  
  895456501f4c1c4b0ebbb25bc9f439aa59fc3115cf44f4ec5f548afe292866b7
- SHA512
  
  55eb6bef7f65ecb7e46dde3616a3a9148f2e2176a72d74694e4960c7eb19aac9723da3d7938377fbe022c17a2013788048f79f2742809d3fe24e8376cee5b6ba
- SSDEEP
  
  24576:Vc7GT2VA6+YruLD4fblEMXdTH8TzTnY9MVVTUyd8xoyh:VcM2x+YruPuXdTH8bY6VVgmE/
Score

10^/10

lumma discovery spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummadiscoveryspywarestealer

behavioral2

lummadiscoveryspywarestealer

© 2018-2024

Terms | Privacy