General

  • Target

    pipe

  • Size

    235KB

  • Sample

    230331-ye6q2sch54

  • MD5

    0c1218c21d5f03592d06789897947806

  • SHA1

    b6cfa8fbb964c3049de005a5d6db9b69b8dcc3f2

  • SHA256

    1e3521898a31ae290e25f2d4a2ab484a87e8478b3dddb1ee99591fcfaaa7d209

  • SHA512

    64feff90f58b6abaaee5fd4491d5ae2ebb087aa688eac0d86e6d6f87be94b5b3d334c80f1248c8e20d0060d1232d0cdcfd2dfafd74c2ae8f3f0afc470bd017d4

  • SSDEEP

    6144:zI7mRVyEfCAQ9GWa+0KL13gzAetYq/ynpUs5l3qhKljVy44LTkC91cY4fj2YRfo9:E5a

Targets

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other secrets.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 2

  • Install Root Certificate (T1130): 1

Credential Access

  • Credentials in Files (T1081): 1

Discovery

  • Query Registry (T1012): 4

  • System Information Discovery (T1082): 5

Collection

  • Data from Local System (T1005): 1

Command and Control

  • Web Service (T1102): 1
