General
-
Target
Ronawind Setup.exe
-
Size
49.7MB
-
Sample
230331-qblmpshe99
-
MD5
d770489b68679e558dd44bcd272808d5
-
SHA1
fecf3a673bbdf113ccd898e86e73b8107e2d7186
-
SHA256
c5b20a8483b5d374f7c95df703869b58ab377413c1d01f4ad5a020796c4efdaa
-
SHA512
d5e2fd7a47abe1d947947e069c3866edfade2ff8897c4fb39b4f095050516b165c2542d60fd881f28e99ee3a88b5948f5f3dbfa63d31fd16908b1fdbdf7fa98f
-
SSDEEP
786432:wp8ehJaImWlZuEl+zWxoISnYhspl78uiKplppa0o8SM2riBEnT0mNZOG9O7C7:FWfRD2IwYhsHT57xo8SM2+OzZ/I+7
Malware Config
Targets
-
-
Target
Ronawind Setup.exe
-
Size
49.7MB
-
MD5
d770489b68679e558dd44bcd272808d5
-
SHA1
fecf3a673bbdf113ccd898e86e73b8107e2d7186
-
SHA256
c5b20a8483b5d374f7c95df703869b58ab377413c1d01f4ad5a020796c4efdaa
-
SHA512
d5e2fd7a47abe1d947947e069c3866edfade2ff8897c4fb39b4f095050516b165c2542d60fd881f28e99ee3a88b5948f5f3dbfa63d31fd16908b1fdbdf7fa98f
-
SSDEEP
786432:wp8ehJaImWlZuEl+zWxoISnYhspl78uiKplppa0o8SM2riBEnT0mNZOG9O7C7:FWfRD2IwYhsHT57xo8SM2+OzZ/I+7
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-