General

  • Target

    9800208795.zip

  • Size

    4.2MB

  • Sample

    230329-ns91hsgb48

  • MD5

    9bd220a2cd78e81231d692cdfefa7854

  • SHA1

    8827634a3f486a291d95bc7e44f92c2801697662

  • SHA256

    53d49f902b3077da8846e79d49b0b9cd780f781e76037dd23f77959c417a1fc9

  • SHA512

    bcdf0062d3abcead139a0fb57382f16eae604fafba92d1cdb4adcc368c74666c5e4e7e33447dc8af35decc4784b21dfced407b6e46e5039920339929ba7b3c9b

  • SSDEEP

    98304:c4Wg/430TzURJpHwQ3dwDs9LIoaDN3YAoi0MSU5qH/f:nW+T8Hr3myIoaWPMSWqX

Malware Config

  • Extracted

    Family: lumma

    C2: 82.118.23.50

Targets

    • Target

      2fc17c5966753c0b6fa31e15399fe8c7adf3f33785dfed3e9a7fae5c9040eaee

    • Size

      313.3MB

    • MD5

      3f4533e8364f96b90d7fcb413fc8b57c

    • SHA1

      cca3ec3606de5b4973e47ca10ad36742fb3e18ab

    • SHA256

      2fc17c5966753c0b6fa31e15399fe8c7adf3f33785dfed3e9a7fae5c9040eaee

    • SHA512

      2027d0d09c928420d8cb54af252cef18c2582c4c0602cf7b49322d82c175d4a8a9687e179b907dfb787028f6e00272f458b768c319510e3b963a41ee1f4ef4db

    • SSDEEP

      98304:+cyNUURBkRBt1lHzdYnhdowc9cDbuHn5cFO:/ymURCzlHzdLK65D

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task, T1053 (1)

  • Persistence

    Scheduled Task, T1053 (1)

  • Privilege Escalation

    Scheduled Task, T1053 (1)

  • Credential Access

    Credentials in Files, T1081 (2)

  • Discovery

    Query Registry, T1012 (2)

    System Information Discovery, T1082 (1)

  • Collection

    Data from Local System, T1005 (2)
