Resubmissions

  • 17-04-2023 11:32    230417-nnjb1afe8t    10
  • 29-03-2023 16:31    230329-t1wqraaf7z    10

General

  • Target: TBMSetup.zip
  • Size: 49.6MB
  • Sample: 230329-t1wqraaf7z
  • MD5: dc210de60794e4dbf831bf489b197393
  • SHA1: 3293515cf0bd7c6265267f8bc61394b3a7d3515b
  • SHA256: 116dde572e8f5a226db39e4dfada33db7ac454017496c4cb215242bdeb96bf50
  • SHA512: ef7f9e6cf0257b8460656fa1eec55c1bf4219d9fba88ace5085c465f8ea08bf616870ce8e026cde7378bdb3813968f31679ebd482fb0a7a7ebf55dc3528de3cc
  • SSDEEP: 1572864:PvXs2vSkD9i/O6GWE/D5C4p2tZ5AtKibQ7:37vRi/OiUvf1bQ7
  • Score: 10/10

Malware Config

Targets

    • Target: TBMSetup.exe
    • Size: 49.7MB
    • MD5: 0b9d7f87af8f634c59647aa7622aa08a
    • SHA1: e8f6ef5cb9f7ce9e6e0b6045df84e86b618de2a0
    • SHA256: 3179ecd81c25dc7ceb0e66e0525b31826509398cf98a1302d829d1832d38dbb1
    • SHA512: 346ec51625e3562614bbc446429144d2fff7417f42440ec3708f61a226f1cfd17eee084a629225e47e942467fc61b89f1732196657b0556d2fc65ffa8bcd4d5f
    • SSDEEP: 1572864:dm8+bh8WfRD2IwYhsHT57xo8SM2+OzHI1Id7:d6SmJbZET5FzS7xo147
    • Score: 10/10

    Signatures

    • Lumma Stealer
      An infostealer written in C++, first seen in August 2022.
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic               Technique                        Count   ID
    Credential Access    Credentials in Files             1       T1081
    Discovery            System Information Discovery     1       T1082
    Discovery            Process Discovery                1       T1057
    Collection           Data from Local System           1       T1005

Tasks