lumma | bb943a4b69a11e38ae79651edb071f57da2c9989d6b840eae5efcd4e722d774d

Sharing

Copy URL

Twitter E-mail

General

Target

Spotify Actualizado.rar
Size

1.3MB
Sample

230326-qg7gcsgf36
MD5

55e94263d46fd2379a9738ede36d2055
SHA1

433c3c435fae5c25616154fad407bec4bd92596a
SHA256

bb943a4b69a11e38ae79651edb071f57da2c9989d6b840eae5efcd4e722d774d
SHA512

6eef26faf9ec917a9f6fa2ded093f64de21c57e708f97337cace25e6147d63c041ad10d4f697f68e6ad1382679fb79b14f2b3ab53340c6b015094101febbd308
SSDEEP

24576:roSvg0j5Jr1dCeM5EQJMT4VOF1Kgratfyw/q1xg12tm6frOlorhh+np6:DtJr1keMKTbCcsWxich+p6

Score

10^/10

Malware Config

Targets

- Target
  
  Spotify Actualizado.rar
- Size
  
  1.3MB
- MD5
  
  55e94263d46fd2379a9738ede36d2055
- SHA1
  
  433c3c435fae5c25616154fad407bec4bd92596a
- SHA256
  
  bb943a4b69a11e38ae79651edb071f57da2c9989d6b840eae5efcd4e722d774d
- SHA512
  
  6eef26faf9ec917a9f6fa2ded093f64de21c57e708f97337cace25e6147d63c041ad10d4f697f68e6ad1382679fb79b14f2b3ab53340c6b015094101febbd308
- SSDEEP
  
  24576:roSvg0j5Jr1dCeM5EQJMT4VOF1Kgratfyw/q1xg12tm6frOlorhh+np6:DtJr1keMKTbCcsWxich+p6
Score

3^/10
behavioral1 behavioral2
- Target
  
  Spotify/Block/.gitattributes
- Size
  
  69B
- MD5
  
  a60998f2bdceb6dfbd10561cd1099bf9
- SHA1
  
  08c7d5a6c27799b4be69c4c6ad0aa332b6e037e6
- SHA256
  
  004cbdfbd561e8d6a165861780db733123edeeb9ea94167254335da6e93d01b9
- SHA512
  
  f6e28ca49903064740c5b0bf5925cfe69ae8f49ea7d12b95dd127b111521489ee036d76d0b4bfe6e948a97a20c8fa027ac396db8453f424ed5401f27965eb587
Score

3^/10
behavioral3 behavioral4
- Target
  
  Spotify/Block/.github/ISSUE_TEMPLATE/bug_report.md
- Size
  
  1KB
- MD5
  
  aed55bd61cdb899f1c1d9c9e51cbf540
- SHA1
  
  d5f241118d0f61d55ffa84e4894c9b4cca90abf9
- SHA256
  
  5a95bfec65458a1244a7d967b28c2aed70593d73775951b98d1eb985d5d5e558
- SHA512
  
  ca50106d1707f994abe0a983c172ede2f861de839ffe1d5e16c3a6befc69061136bf06eb0327765e03a458e879f2e9dad160d852d6fa95e35126de6f0c4d18f8
Score

3^/10
behavioral5 behavioral6
- Target
  
  Spotify/Block/.gitignore
- Size
  
  457B
- MD5
  
  2ad0280756873607cd00d9a34745e866
- SHA1
  
  43267c959e1bade8285b6000561ced65ca93aeea
- SHA256
  
  c7c1799d127b08ab2b70dc355137adfd2f29eba7f281a9461c69cb2e0545d64c
- SHA512
  
  e186525f03f096d2b28417c134ded80e3fb6e9a46fa5c1e80a0628f992edeb4915b12b6b567483ca9eec1fedefa1ec9b3603ac204d3cc725c0063c52bb93a4f8
Score

3^/10
behavioral7 behavioral8
- Target
  
  Spotify/Block/BlockTheSpot.bat
- Size
  
  179B
- MD5
  
  c8a02d2ca0e333fc5aaa003ec36d252e
- SHA1
  
  3bdeb7a8715fb37063f5298d17ca5ba3529c2fc5
- SHA256
  
  72e4df5d74a0941cdfa21467a9cf0002ff1aafe9ab8cba37eb7901ce0d7d091a
- SHA512
  
  cad4289d4e363433edf579f1507fc1479474b11b0db34ef300905cf76cbae5531680dd325eea9347c7b325f73c277528b799b46610585b28cb2d5e6ac1e875f3
Score

8^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9
- Target
  
  Spotify/Block/LICENSE
- Size
  
  1KB
- MD5
  
  b6f9960b5bbaa2cfc4553bfe266d5486
- SHA1
  
  c0791c9584031e7c8b54e686a9f6070f44bb6b15
- SHA256
  
  38fe99bbe878ac73e7ea0de04655e339c8a24fbd679df5c65a8c12629395322f
- SHA512
  
  65354e899c4be62bcb211569b5168072b700327af2b82efb3af453713def06c4c7aea537f0ba71b169cf76057829521d63e3bcfbf0212a5754c8013540a5d46b
Score

1^/10
behavioral11 behavioral12
- Target
  
  Spotify/Block/README.md
- Size
  
  3KB
- MD5
  
  baab820fefe5b5082749472b2c26346e
- SHA1
  
  5bb717d1856e4a04fbd352c42921d8776451cc6e
- SHA256
  
  fbd3ba7a76d383371e640778818f956d7e8e5632589e293f402d8111d40173a3
- SHA512
  
  5a9600901c7bc413343227de6df34fb09f47f9beb890cd5c9fd7372697fb31edd8ffa34a5b585b876faa547f6e648dc2ff565be921975edf2a759308af24db14
Score

1^/10
behavioral13 behavioral14
- Target
  
  Spotify/Block/config.ini
- Size
  
  109B
- MD5
  
  c0e89e7f4e4c3ac6cff13e042b06c5a8
- SHA1
  
  5380f631ab457a0e81bab1d0723147aed8dd9f07
- SHA256
  
  02af7cc426010c43f106b5a4e76652238b5e5edcc8fd7bb11fa67b322e5b306d
- SHA512
  
  4a11b3ba9796108754c738bbb538dfa95b0b1ccd3a4767cffcaa42e371bc95e6a5d57594fa38e80e14447f3e2fa203dcf014c8ad36b98b109f61cb73dc98345e
Score

1^/10
behavioral15 behavioral16
- Target
  
  Spotify/Block/install.ps1
- Size
  
  4KB
- MD5
  
  d6391efb89ccc420774799bb0185e609
- SHA1
  
  63d2b12fad84b0391cbfe00b485261f9d76ec139
- SHA256
  
  0930f42793685aaa781840f88b91b8115ad3787ebb394f29799b8266fc422eb1
- SHA512
  
  114f133f766ee0e3eebd238dfc805223f45784313ada4eb66f1e1769074cefd19bf7fedce1ede7a505e9082679678c29cab0a74ff952fa8baf58e372bb6f9435
- SSDEEP
  
  96:LwehM7b5L50xpkc6IGKcLfLpUyPsNZuy3eW22Nx6YJ:LwrbR50xpG1btEZuGNoYJ
Score

10^/10

lumma discovery stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral17 behavioral18
- Target
  
  Spotify/Block/src/BlockTheSpot.cpp
- Size
  
  1KB
- MD5
  
  f46e046efda0bb167a0036e5168ee34a
- SHA1
  
  8ab3756e491f041c6f3d23ad0bf3e8741bef39a2
- SHA256
  
  651b345a56e2e594d6ef536cc23356be907e187f0f4859c1078741be8c40a993
- SHA512
  
  0ae72234b341ed3aa6843c51dfdc68a3038bc326874a6f313f295e18e1b4670f5540b1f7855dd44519588fb7a0d8c2c72a7c19780305662db362b842a2fec6e1
Score

3^/10
behavioral19 behavioral20
- Target
  
  Spotify/Block/src/BlockTheSpot.vcxproj
- Size
  
  6KB
- MD5
  
  f45a6e1a7de6fbaa4faac8fb6dc386b9
- SHA1
  
  34ed4ead7515b11d52e18335df722ea758a9eb7c
- SHA256
  
  ffc109bf6a968a51c917879704e6de5674a32f71a4cd776b77e513921029097b
- SHA512
  
  c168b5fac5f6aa28d2ee1ecac9b42349967c9ca2fa95edd1288da104090fc360740623e4a5b2108917952d900db724fc03c2ae9cea31f4dea9d682a8856c77b2
- SSDEEP
  
  96:ep+P7CfpUYU/d3yaLqyaL3AeyM/BAdjWTR+ucHc3QC:YQzn7M/2WTT3d
Score

3^/10
behavioral21 behavioral22
- Target
  
  Spotify/Block/src/BlockTheSpot.vcxproj.filters
- Size
  
  2KB
- MD5
  
  1010b5847c92285dfe1459dc252df035
- SHA1
  
  48558e48880df8bf07cb4bc37b15bce7aaf449ed
- SHA256
  
  600e2eeb1cc862db8a18863689f99d6a3d224acdafefb0d79f15de1d5081dbe6
- SHA512
  
  977f3ed42c9e4bb861a7684af985b52e24a249883f6121071398c18474a3f00006f38648838bd2be3aa35bf923a6c52848518442ec679ff2c5661785999b0369
Score

3^/10
behavioral23 behavioral24
- Target
  
  Spotify/Block/src/BlockTheSpot.vcxproj.user
- Size
  
  165B
- MD5
  
  b97115c31582bcb2b6ab5f6f834db248
- SHA1
  
  f75316dc9ee719d300a59bcb8a0f92b26c66b6ba
- SHA256
  
  c65b2b1a71dcd26333d8dc209ffeb90a906ddd8bbab6d45dada8e3bc84c30226
- SHA512
  
  d585275eb78134367cec02a2104256966c7505e0c5c622ddcc188503191cf4ce5d61ed34fff889063fbc4b4860214008557082fe559ffe9cc4d147e2717c0c22
Score

3^/10
behavioral25 behavioral26
- Target
  
  Spotify/Block/src/Config.h
- Size
  
  768B
- MD5
  
  5fdf73eb00d44a585446ec8e6fd306f2
- SHA1
  
  da480d00ea0cb5c77b48bb13b853ead8c61d8bf9
- SHA256
  
  65c13c7e76db2a62e12d37e8121f3841b55bdffada2ab4237122134b47b04133
- SHA512
  
  a38804ad51f81b90dc1164d9c90c14c6e75ab5a3bb244e1b07a8c6e8e5b28c6f45f56db1680729fffa335854f486086bb69403c09a464a97923f09642415c3cd
Score

3^/10
behavioral27 behavioral28
- Target
  
  Spotify/Block/src/Logger.h
- Size
  
  598B
- MD5
  
  a7cbf757b651bd3564121d5194261c8a
- SHA1
  
  1ab36fb81d47e8cb5606156ce48f2a9a7782a9c8
- SHA256
  
  1d42c5ba22af74196385f388ea8c5e38516241541c222a3566348014b3b0e2c3
- SHA512
  
  0ce76882526a40ac0a9cab7b64a60c05dd6eff0ca840a82a4151270220cd27295feebaa40f6b001c076de862e4e9732dcfe4705ee6feb3fc7b29b192301a9846
Score

3^/10
behavioral29 behavioral30
- Target
  
  Spotify/Block/src/Modify.cpp
- Size
  
  2KB
- MD5
  
  f26c0c7289e782f4959863065cdc8ec7
- SHA1
  
  df9483186999c6c27263c7e32664247f39a0b9b6
- SHA256
  
  f92729d3b8327304bdcc9f41aa370dcddb50ff6aaa3ad8d6b761959a2bab34de
- SHA512
  
  3f31fea1b764a65cd2724ed382e7c524a78f23da1ec34529a3c53fb8ec2792120fbdcd2017d6547e9578aa907ae319be632775d9aa7d23a62ba71f6ab62ac851
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Legitimate hosting services abused for malware hosting/C2

Lumma Stealer

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32