Overview

overview

10

Static

static

1

2fc17c5966...ee.exe

windows7-x64

10

2fc17c5966...ee.exe

windows10-2004-x64

10

Resubmissions

24-04-2023 14:27

230424-rsnn3aea6x 10

28-03-2023 17:26

230328-vz3y4sdh2x 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2fc17c5966753c0b6fa31e15399fe8c7adf3f33785dfed3e9a7fae5c9040eaee.exe

  • Size

    313.3MB

  • Sample

    230328-vz3y4sdh2x

  • MD5

    3f4533e8364f96b90d7fcb413fc8b57c

  • SHA1

    cca3ec3606de5b4973e47ca10ad36742fb3e18ab

  • SHA256

    2fc17c5966753c0b6fa31e15399fe8c7adf3f33785dfed3e9a7fae5c9040eaee

  • SHA512

    2027d0d09c928420d8cb54af252cef18c2582c4c0602cf7b49322d82c175d4a8a9687e179b907dfb787028f6e00272f458b768c319510e3b963a41ee1f4ef4db

  • SSDEEP

    98304:+cyNUURBkRBt1lHzdYnhdowc9cDbuHn5cFO:/ymURCzlHzdLK65D

Score
10/10
lummadiscoveryspywarestealer

Malware Config

Extracted

Family

lumma

C2

82.118.23.50

Targets

    • Target

      2fc17c5966753c0b6fa31e15399fe8c7adf3f33785dfed3e9a7fae5c9040eaee.exe

    • Size

      313.3MB

    • MD5

      3f4533e8364f96b90d7fcb413fc8b57c

    • SHA1

      cca3ec3606de5b4973e47ca10ad36742fb3e18ab

    • SHA256

      2fc17c5966753c0b6fa31e15399fe8c7adf3f33785dfed3e9a7fae5c9040eaee

    • SHA512

      2027d0d09c928420d8cb54af252cef18c2582c4c0602cf7b49322d82c175d4a8a9687e179b907dfb787028f6e00272f458b768c319510e3b963a41ee1f4ef4db

    • SSDEEP

      98304:+cyNUURBkRBt1lHzdYnhdowc9cDbuHn5cFO:/ymURCzlHzdLK65D

    Score
    10/10
    lummadiscoveryspywarestealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks