Overview

overview

10

Static

static

1

didntask.png

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    didntask.png

  • Size

    119KB

  • Sample

    230331-w3f47adg31

  • MD5

    380f85eda8adfd33e6f9f8b58d118736

  • SHA1

    b863d8e3f33eba1e7398fb8b2313626b3b9dd861

  • SHA256

    e1bb47fb71b112080ee1adad8cb3998c85f39e6714103340ff653208df0552a8

  • SHA512

    8397a31f6f4c03601152f54e7c9d77a0a0c6b2fec6718263bac8451f848aa4e2c2eefebb6f5d37cac6c98e43e0ca4a50d137ff4728722bac4d9f678a0a4e2854

  • SSDEEP

    3072:g3z+lMJKuOc+q68tvsBZ9x6RfZYnmhnWQg7cCnSy:SzsYTx2ZmRfZAjQg7cCnSy

Score
10/10
lummapersistencestealer

Malware Config

Targets

    • Target

      didntask.png

    • Size

      119KB

    • MD5

      380f85eda8adfd33e6f9f8b58d118736

    • SHA1

      b863d8e3f33eba1e7398fb8b2313626b3b9dd861

    • SHA256

      e1bb47fb71b112080ee1adad8cb3998c85f39e6714103340ff653208df0552a8

    • SHA512

      8397a31f6f4c03601152f54e7c9d77a0a0c6b2fec6718263bac8451f848aa4e2c2eefebb6f5d37cac6c98e43e0ca4a50d137ff4728722bac4d9f678a0a4e2854

    • SSDEEP

      3072:g3z+lMJKuOc+q68tvsBZ9x6RfZYnmhnWQg7cCnSy:SzsYTx2ZmRfZAjQg7cCnSy

    Score
    10/10
    lummapersistencestealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks