lumma | a3ae0e066665b3209e6f5d4195201c839c5b58a698cb53e31d5dd1efbb467e03 | Triage

Submit
Reports

Overview

overview

Static

static

1

TeraBox_sl...15.exe

windows7-x64

TeraBox_sl...15.exe

windows10-2004-x64

Sharing

General

Target

TeraBox_sl_c_1.17.0.15.exe
Size

84.3MB
Sample

230423-e9x8lscf6y
MD5

51a20b31858d5db4642014b2e7d36d13
SHA1

b967116a1005898007be9b0fbb996013da63e595
SHA256

a3ae0e066665b3209e6f5d4195201c839c5b58a698cb53e31d5dd1efbb467e03
SHA512

ca7755ff18e031234e6c9b4980a16212435ddd21e850136fdb001b8cfd7679474a1e2555ac173dd5957cdde71923cfd9aed87cefded452f9ec819540f6b1fa79
SSDEEP

1572864:MbaKmbV87UwAuiIHCWJKQ9bYVH5VNG/e7Q14/AA7mW58heb/141vJ:MO84cJz945VNHQ7Yr1Ih

Score

10^/10

lumma zloader botnet discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

TeraBox_sl_c_1.17.0.15.exe

Resource

win7-20230220-en

zloader botnet discovery persistence trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

TeraBox_sl_c_1.17.0.15.exe

Resource

win10v2004-20230220-en

lumma discovery persistence stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  TeraBox_sl_c_1.17.0.15.exe
- Size
  
  84.3MB
- MD5
  
  51a20b31858d5db4642014b2e7d36d13
- SHA1
  
  b967116a1005898007be9b0fbb996013da63e595
- SHA256
  
  a3ae0e066665b3209e6f5d4195201c839c5b58a698cb53e31d5dd1efbb467e03
- SHA512
  
  ca7755ff18e031234e6c9b4980a16212435ddd21e850136fdb001b8cfd7679474a1e2555ac173dd5957cdde71923cfd9aed87cefded452f9ec819540f6b1fa79
- SSDEEP
  
  1572864:MbaKmbV87UwAuiIHCWJKQ9bYVH5VNG/e7Q14/AA7mW58heb/141vJ:MO84cJz945VNHQ7Yr1Ih
Score

10^/10

zloader botnet discovery persistence trojan lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloaderbotnetdiscoverypersistencetrojan

behavioral2

lummadiscoverypersistencestealer

© 2018-2024

Terms | Privacy