Overview

overview

10

Static

static

1

lazzarus.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    lazzarus.rar

  • Size

    53.3MB

  • Sample

    230417-w5wyesfe96

  • MD5

    39eea7bf96f841c9e698991acdd0b7a9

  • SHA1

    ae737ed240152884f4049cd7956219b77ad8dba3

  • SHA256

    b90d21ae65af5c56804312b3ac83648723b63ecfe96056c01d25cd1f55a8a9c8

  • SHA512

    2f35497e4f40ebb9d95676503ab0110973209664af4dc09f99a2a3e656fcd861162630133e8e7f35c4c873ad5b985ccaf7f55038010156df9f242013d1dfb647

  • SSDEEP

    1572864:EtaLfP/VI5bxVCMqE36qbfibit5aVki694U:rLW69e005a904U

Score
10/10
lummaspywarestealer

Malware Config

Targets

    • Target

      lazzarus.exe

    • Size

      53.3MB

    • MD5

      d31379b477b5270f951b6470b3e8c66d

    • SHA1

      d4fc099ac006f8bf3b1a5ef7286d41244a3fac3c

    • SHA256

      7ef5706cd34e2a4f57930ff6dc4527c2a2d552bfcb97d630a6ce6d152dc42a72

    • SHA512

      9a89cb220fafb802ff34a97f0e57b78c0367fd90b31a854fa3fea19535719c6b5de11dbc66777c7b1128f1593fa6f482262b3492493c5d6a1f20111443c39be8

    • SSDEEP

      786432:+oRDw/eODya1O/hJa6tDPis2QaDJ/YL7a8ScjEzYk95SqpVhlgXlukvQ+qDq7:zU/eO+aUtD66wYfa8DIznCqbIQtm7

    Score
    10/10
    lummaspywarestealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks