lumma | 9612513d09fc8ebc3ae8e1dccb4d3232a367c4301342540e36475629ab804ecb | Triage

Submit
Reports

Overview

overview

Static

static

1

casemates_...up.exe

windows7-x64

casemates_...up.exe

windows10-2004-x64

Sharing

General

Target

case_mates_setup.zip
Size

49.5MB
Sample

230330-gmpztscf5s
MD5

7579d258bd3811079bf6d5f660bdc109
SHA1

141babe65b22a2bf48bce208d62e7792c42a48fe
SHA256

9612513d09fc8ebc3ae8e1dccb4d3232a367c4301342540e36475629ab804ecb
SHA512

bfaf9ae82b689a91dc3e24de1f08531bbdc2603e14b4f6de93d7a2fd53a6a325d6e2b1f0e83b3b08e5d3487856d190b5f8e6de3938eefc6be0583bf6ddad1dd4
SSDEEP

1572864:vI+yGBQX8dvx2jPest4xTUYT4V6LzwZu2FNcAeJK:AhGy8ujeK4xw16Lp2EJK

Score

10^/10

lumma spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

casemates_setup/casemates_setup.exe

Resource

win7-20230220-en

lumma spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

casemates_setup/casemates_setup.exe

Resource

win10v2004-20230220-en

lumma spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  casemates_setup/casemates_setup.exe
- Size
  
  49.6MB
- MD5
  
  936e3efd805c51192bc1e80b83e966b3
- SHA1
  
  8dc2b110af02e5de327387339ee61fd5534d3dce
- SHA256
  
  ac12ef8809513c96d24afb89886fe47ec7e1bf23e32beb92463929d11ae15be9
- SHA512
  
  8c9f962792f3289f7f45ff0b9a564b8e4391cd7f573e2ced23a76c0394949f052cfc11939a293d7b70a25ce4f1256ef674cc2a1e8aae73b3cb80ec7fbfd34a9e
- SSDEEP
  
  786432:uFan3+ebz4lE9Mabj67T/vqkhEtH/K7zkDSdFc3QuRqAUb2iyGHMUhCTl/irG7:iy3+e/4uOanY7CkhASWSstinCcrG7
Score

10^/10

lumma spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lummaspywarestealer

behavioral2

lummaspywarestealer

© 2018-2024

Terms | Privacy