General

  • Target

    LeagVMT.zip

  • Size

    63.8MB

  • Sample

    230423-dlldgacc2y

  • MD5

    d382c76c8f4ca48a5140cef32266d6e0

  • SHA1

    f2acad0a91fba0d2f56937df6186332c2bb9e108

  • SHA256

    22442e5679620f7f9b88c438f16e15ccefa81f877a99a977be657055ebb365db

  • SHA512

    9b573d997be9f0950fd86e8c4390d7fdd53e00b7506838b85d2de0224aabc6b38f70ea9dd0f56bcc57f09cf8ab6453ac7ac80e6d2e8963eb7d7d35c073747363

  • SSDEEP

    1572864:Jp/ZVVDLcQ+alvBTzg2Wofn0evz7FUIxqRCKbnAmo9WPj4ktFt70+3:3hDLF3v5zgIPPiWa82PPt70W
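The digests above (and those listed for the extracted LeagVMT.exe further down) are the identifiers an analyst uses to confirm that a sample pulled from a feed or shared by a colleague is actually the file this report describes. The following script is an added example, not part of the report: it streams a file through MD5, SHA-1, SHA-256 and SHA-512 in a single pass and reports which of the page's expected values disagree. The target names and the comparison logic are this example's own; only the digest values are taken from the report.

```python
"""Check a downloaded sample against the digests a sandbox report lists.

Added example, not part of the original report. The expected values are the
MD5/SHA-1/SHA-256/SHA-512 digests this page gives for LeagVMT.zip (the
submitted archive) and LeagVMT.exe (the PE extracted from it).
"""
import hashlib
import io

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report, keyed by the report's target name.
REPORTED = {
    "LeagVMT.zip": {
        "md5": "d382c76c8f4ca48a5140cef32266d6e0",
        "sha1": "f2acad0a91fba0d2f56937df6186332c2bb9e108",
        "sha256": "22442e5679620f7f9b88c438f16e15ccefa81f877a99a977be657055ebb365db",
        "sha512": "9b573d997be9f0950fd86e8c4390d7fdd53e00b7506838b85d2de0224aabc6b38f70ea9dd0f56bcc57f09cf8ab6453ac7ac80e6d2e8963eb7d7d35c073747363",
    },
    "LeagVMT.exe": {
        "md5": "b2032e59b7c8e8a2c49409864ce97776",
        "sha1": "c6d7a89041cb8b49c0d73b1c7e857f50a5b95695",
        "sha256": "44f87cbf92a7bdec1d370f457da017924e66bcdbeaac0cc0c81e9dd4baeeb949",
        "sha512": "1fcd7e54cf54011a48f9c1abddb7073983dd098bd4d1165f8b0766dc6364d4e8d8b3d64c825eab9f9f5f846ff5dd2cb62cecc6082d43e61fd47ed636c7e61635",
    },
}


def hash_stream(stream, chunk_size=1 << 20):
    """Read a binary stream once and return all four digests as lowercase hex.

    Streaming matters here: both samples are about 64 MB, so the file is fed to
    every hasher chunk by chunk instead of being loaded into memory whole.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_hashes(data: bytes) -> dict:
    """Hash an in-memory byte string (handy for test vectors)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> dict:
    """Hash a file on disk without reading it whole."""
    with open(path, "rb") as f:
        return hash_stream(f)


def mismatches(actual: dict, expected: dict) -> list:
    """Return the algorithms whose digest differs from the expected value.

    An empty list means every algorithm the report lists agrees. Comparison is
    case-insensitive (reports and tools differ in hex casing) and silently
    skips algorithms the expected set does not contain.
    """
    return [
        name for name in ALGORITHMS
        if name in expected and actual.get(name) != expected[name].strip().lower()
    ]


def verify_file(path: str, target_name: str) -> list:
    """Hash `path` and compare it with the report entry for `target_name`."""
    return mismatches(hash_file(path), REPORTED[target_name])


def main(argv):
    if len(argv) != 3 or argv[2] not in REPORTED:
        print(f"usage: {argv[0]} <file> <{'|'.join(REPORTED)}>")
        return 2
    bad = verify_file(argv[1], argv[2])
    if bad:
        print(f"MISMATCH on {', '.join(bad)}: this is not the sample from the report")
        return 1
    print("all reported digests match")
    return 0


if __name__ == "__main__":
    import sys
    raise SystemExit(main(sys.argv))
```

Run it as `python verify_sample.py LeagVMT.exe LeagVMT.exe` after extracting the archive. A mismatch on one algorithm but not the others almost always means a transcription error in the report or the feed rather than a different file; a mismatch on all four means you have a different sample, and nothing else on this page should be assumed to apply to it.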

Score
10/10

Malware Config

Targets

    • Target

      LeagVMT.exe

    • Size

      63.9MB

    • MD5

      b2032e59b7c8e8a2c49409864ce97776

    • SHA1

      c6d7a89041cb8b49c0d73b1c7e857f50a5b95695

    • SHA256

      44f87cbf92a7bdec1d370f457da017924e66bcdbeaac0cc0c81e9dd4baeeb949

    • SHA512

      1fcd7e54cf54011a48f9c1abddb7073983dd098bd4d1165f8b0766dc6364d4e8d8b3d64c825eab9f9f5f846ff5dd2cb62cecc6082d43e61fd47ed636c7e61635

    • SSDEEP

      1572864:rjddrbWuWkCNjizYkqEpRO4vrbpwIJGzmC5js2c9KxvyQ2tbXAw1:vfW5RjizYKTHeKMuqxGbXAQ

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022 and sold as malware-as-a-service.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (infostealers commonly refuse to run on machines located in the operator's home region).

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and autofill data.
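Two of the signatures above, "Drops startup file" and "Reads user/profile data of web browsers", are the ones most worth turning into detection logic, because they describe host behaviour rather than a particular binary. The script below is an added example, not part of the report or of any sandbox's own rule set: it runs over constructed file-access events (the `proc=... op=... path=...` line format is invented for this example) and flags any non-browser process touching the standard Chromium and Firefox credential stores, plus any write into the per-user Startup folder. The browser process allow-list and the `.lnk` file name in the sample log are assumptions.

```python
"""Flag browser-profile reads and Startup-folder drops in file-access events.

Added example, not from the report. The event lines are constructed to look
like sandbox file-access logging; the paths they contain are the standard
Windows locations of Chromium-family and Firefox profile artefacts.
"""
import re

# One event per line: "proc=<image> op=<read|write|...> path=<full path>".
# This line format is an assumption of the example, not a real sandbox's.
EVENT_RE = re.compile(r"proc=(?P<proc>\S+)\s+op=(?P<op>\w+)\s+path=(?P<path>.+)$")

# Processes that legitimately read their own profile stores; anything else
# reading them is the infostealer behaviour the signature describes.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

# Chromium family: <vendor>\<browser>\User Data\Local State holds the DPAPI
# master key, and each profile directory holds Login Data, Web Data and
# Cookies (newer builds: <profile>\Network\Cookies).
# Firefox: logins.json + key4.db (credentials) and cookies.sqlite per profile.
BROWSER_ARTEFACTS = [
    (re.compile(r"\\User Data\\(Local State|[^\\]+\\(Login Data|Web Data|Cookies|Network\\Cookies))$", re.I), "chromium"),
    (re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I), "firefox"),
]

# Per-user Startup folder; anything written here runs at the next logon.
STARTUP_RE = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.I)

# Constructed sample log (not captured from the real sample).
SAMPLE_LOG = [
    r"proc=LeagVMT.exe op=read path=C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"proc=LeagVMT.exe op=read path=C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies",
    r"proc=LeagVMT.exe op=read path=C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json",
    r"proc=chrome.exe op=read path=C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"proc=LeagVMT.exe op=read path=C:\Users\victim\Documents\notes.txt",
    r"proc=LeagVMT.exe op=write path=C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LeagVMT.lnk",
]


def classify_path(path: str):
    """Return 'chromium', 'firefox' or None for a file path."""
    for pattern, family in BROWSER_ARTEFACTS:
        if pattern.search(path):
            return family
    return None


def parse_events(log_lines):
    """Yield (proc, op, path) for every line that matches the event format."""
    for line in log_lines:
        m = EVENT_RE.search(line)
        if m:
            yield m["proc"], m["op"].lower(), m["path"]


def find_browser_data_reads(log_lines):
    """Return (proc, family, path) for non-browser processes reading browser stores."""
    hits = []
    for proc, op, path in parse_events(log_lines):
        if op not in ("read", "open", "copy"):
            continue
        family = classify_path(path)
        if family and proc.lower() not in BROWSER_PROCESSES:
            hits.append((proc, family, path))
    return hits


def find_startup_drops(log_lines):
    """Return (proc, path) for every file created or written in the Startup folder."""
    return [
        (proc, path)
        for proc, op, path in parse_events(log_lines)
        if op in ("write", "create") and STARTUP_RE.search(path)
    ]


if __name__ == "__main__":
    for proc, family, path in find_browser_data_reads(SAMPLE_LOG):
        print(f"[browser data] {proc} read {family} store: {path}")
    for proc, path in find_startup_drops(SAMPLE_LOG):
        print(f"[persistence]  {proc} dropped startup file: {path}")
```

The allow-list on the reading process is what keeps the rule usable: browsers open these files constantly, so matching on path alone would alert on every session. In a real pipeline the same check should also cover the Run/RunOnce registry keys and scheduled tasks, which this example leaves out.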

MITRE ATT&CK Enterprise v6

Tasks