General

  • Target

    bde381f14548f261d83a4154c304a587.bin

  • Size

    68.8MB

  • Sample

    230423-cewp7abh2s

  • MD5

    bde381f14548f261d83a4154c304a587

  • SHA1

    5e9f02f638e0c43fe3a81719a24aa5f6c23f3207

  • SHA256

    26c7ce5bacab66d7649e957c28ec0cfdd0b9ebdd4c38b0846341d793ffe397ee

  • SHA512

    038c24daecc14edefb87b4f8a4012f540937ed3306f475d86883ba06063e4f49b434d3a061a2183e24dedef22c475661b1ab5dacc0228397589b10155d4ea50a

  • SSDEEP

    1572864:HjddGvZyiETJJBthhAQaRAVvhHUzqkbeIq6o3Lu7fC+EECym0LC:DGvI3HzmQ++Z8qkbeIqz3Lu7fAOLC
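Before acting on the indicators above, confirm that the file on your desk is the same sample the report describes. The script below is an added example, not part of the sandbox report: it streams a file through MD5, SHA-1, SHA-256 and SHA-512 in one pass (so a 68.8MB sample is read once), then compares every digest against the report's values, normalising case and whitespace. SSDEEP is omitted because it needs a third-party library; the file path and the `REPORTED_HASHES` constant name are this example's own.

```python
"""Verify a suspected sample against the digests published in the report."""
import hashlib
import sys
from typing import Dict, Iterable, List, Tuple

# Digests copied from the report for bde381f14548f261d83a4154c304a587.bin
REPORTED_HASHES: Dict[str, str] = {
    "md5": "bde381f14548f261d83a4154c304a587",
    "sha1": "5e9f02f638e0c43fe3a81719a24aa5f6c23f3207",
    "sha256": "26c7ce5bacab66d7649e957c28ec0cfdd0b9ebdd4c38b0846341d793ffe397ee",
    "sha512": (
        "038c24daecc14edefb87b4f8a4012f540937ed3306f475d86883ba06063e4f49"
        "b434d3a061a2183e24dedef22c475661b1ab5dacc0228397589b10155d4ea50a"
    ),
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the input is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return compute_hashes([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks; large samples never need to fit in memory."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return compute_hashes(chunks())


def verify_sample(actual: Dict[str, str], expected: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Return (all_match, [algorithms that disagree]).

    Comparison is case-insensitive and tolerant of stray whitespace, since
    digests copied from web pages frequently carry both.
    """
    mismatches = []
    for name, want in expected.items():
        got = actual.get(name.lower())
        if got is None or got.lower() != want.strip().lower():
            mismatches.append(name)
    return (not mismatches, mismatches)


if __name__ == "__main__":
    # Usage: python verify_sample.py /path/to/bde381f14548f261d83a4154c304a587.bin
    digests = hash_file(sys.argv[1])
    ok, bad = verify_sample(digests, REPORTED_HASHES)
    for name in ALGORITHMS:
        print(f"{name:7s} {digests[name]}")
    print("MATCH: same sample as the report" if ok else f"MISMATCH on: {', '.join(bad)}")
```

A single mismatching digest is enough to treat the file as a different artefact; the one-pass design also makes it cheap to add further algorithms to `ALGORITHMS` as a feed requires.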

Score
10/10

Targets

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Queries a legitimate IP lookup web service to learn the infected system's external IP address.
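Two of the behaviours above, a non-browser process reading browser credential stores and a lookup of the external IP via a public web service, are easy to turn into host-side detections. The following is an added example and not part of the sandbox report or of any vendor's ruleset: it runs both checks over a small set of constructed file-access and DNS events and flags a process that trips both. The browser store filenames (`Login Data`, `Web Data`, `logins.json`, `key4.db`, `cookies.sqlite`), the IP-lookup hostnames and the process name `dropped.exe` are this example's assumptions; the report names none of them.

```python
"""Flag processes that read browser credential stores or query an IP-lookup service."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    process: str   # image name of the acting process
    kind: str      # "file" for a file open/read, "dns" for a name query
    target: str    # file path or queried hostname


# Browsers are allowed to touch their own stores; anything else is suspicious.
BROWSER_PROCESSES: Set[str] = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

# Assumed watchlist of browser credential / profile files (Chromium and Firefox).
BROWSER_STORE_MARKERS: Tuple[str, ...] = (
    "\\login data", "\\web data", "\\cookies",      # Chromium family
    "\\logins.json", "\\key4.db", "\\cookies.sqlite",  # Firefox
)

# Assumed watchlist of public "what is my IP" services.
IP_LOOKUP_HOSTS: Set[str] = {
    "api.ipify.org", "ifconfig.me", "icanhazip.com",
    "ipinfo.io", "ip-api.com", "checkip.amazonaws.com",
}


def is_browser_store(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in BROWSER_STORE_MARKERS)


def evaluate(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (signature, process, target) for every event that matches a rule."""
    findings = []
    for ev in events:
        proc = ev.process.lower()
        if ev.kind == "file" and is_browser_store(ev.target) and proc not in BROWSER_PROCESSES:
            findings.append(("browser_data_access", ev.process, ev.target))
        elif ev.kind == "dns" and ev.target.lower().rstrip(".") in IP_LOOKUP_HOSTS:
            findings.append(("external_ip_lookup", ev.process, ev.target))
    return findings


def suspicious_processes(events: List[Event]) -> List[str]:
    """Processes that hit at least two distinct signatures; one alone is weak evidence."""
    per_process: Dict[str, Set[str]] = {}
    for sig, proc, _ in evaluate(events):
        per_process.setdefault(proc, set()).add(sig)
    return sorted(p for p, sigs in per_process.items() if len(sigs) >= 2)


# Constructed telemetry for demonstration; not taken from the sandbox run.
SAMPLE_EVENTS: List[Event] = [
    Event("chrome.exe", "file", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("dropped.exe", "file", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("dropped.exe", "file", r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default-release\logins.json"),
    Event("dropped.exe", "dns", "api.ipify.org"),
    Event("svchost.exe", "dns", "www.microsoft.com"),
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_EVENTS):
        print(finding)
    print("suspicious:", suspicious_processes(SAMPLE_EVENTS))
```

The browser's own access to its store is deliberately ignored, which is what keeps the rule quiet on a normal workstation; the two-signature threshold in `suspicious_processes` is a starting point to tune against your own telemetry, not a fixed verdict.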
