Resubmissions

22-04-2023 06:31

230422-g974xsfa7v 10

22-04-2023 06:25

230422-g6x5jsfa51 8

General

  • Target

    krnl_beta.exe

  • Size

    1.8MB

  • Sample

    230422-g974xsfa7v

  • MD5

    3701dc535fb395d6a1fb557a3aeec5e9

  • SHA1

    ef517659229ddc6ecfc02481c3953ac9322dae35

  • SHA256

    ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

  • SHA512

    20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

  • SSDEEP

    49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

Score
10/10

Targets

    • Target

      krnl_beta.exe

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
