Overview

overview

10

Static

static

1

tsurugihime.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tsurugihime.exe

  • Size

    56.5MB

  • Sample

    230323-1b76taac53

  • MD5

    556e07b053b09d782627d08bb945def8

  • SHA1

    1555dd0f104b8580303acb6143ffb7ef06b281c2

  • SHA256

    ef52de89306ffa8d2789dc93ec66cd686da80b51867606a45b1cbede2b1accc7

  • SHA512

    cd46badc97e4e81929be9ffc2b7e5059a5025714cd3e13314a8229bb8ccbceac7d26dbbfd7dae41983ca3de08fe9a03a84d278372b1fd81496529035846fe66d

  • SSDEEP

    786432:F7v+nGMHGwpylDk63Da9HYhJaImWbjWxsbU1jOgSD1kpcJbAzxd5useld7oWvCM/:WG8pF63OWbjOKUkJ5Azx/AsNJOEMRIU7

Score
10/10
lummadiscoveryspywarestealer

Malware Config

Targets

    • Target

      tsurugihime.exe

    • Size

      56.5MB

    • MD5

      556e07b053b09d782627d08bb945def8

    • SHA1

      1555dd0f104b8580303acb6143ffb7ef06b281c2

    • SHA256

      ef52de89306ffa8d2789dc93ec66cd686da80b51867606a45b1cbede2b1accc7

    • SHA512

      cd46badc97e4e81929be9ffc2b7e5059a5025714cd3e13314a8229bb8ccbceac7d26dbbfd7dae41983ca3de08fe9a03a84d278372b1fd81496529035846fe66d

    • SSDEEP

      786432:F7v+nGMHGwpylDk63Da9HYhJaImWbjWxsbU1jOgSD1kpcJbAzxd5useld7oWvCM/:WG8pF63OWbjOKUkJ5Azx/AsNJOEMRIU7

    Score
    10/10
    lummadiscoveryspywarestealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Network Service Scanning

1
T1046

System Information Discovery

2
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Process Discovery

1
T1057

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks