General

  • Target

    Dangerous tool setup.exe

  • Size

    69.0MB

  • Sample

    230502-b9lb9sbb9v

  • MD5

    923cf5b4f9724e51f94bc104713e1b48

  • SHA1

    16d5a2329c61adac925e42169fe4a39dc31d617f

  • SHA256

    f7b781bd8c88df7ad14e3f976eeab7c2785cd2dcf133b2194ffbf02c165a6809

  • SHA512

    1f327be0f468c1e1b0ee052ded24eda826e1d7432380e7f98027477bd9b3fd89cc6142c8dccbf2ae580d3d611c06c08196d65b384acb32a503c4353a16ea0e3f

  • SSDEEP

    1572864:HjddGvDUySn2nJBLVu5JCwl0wo1ie3od5zky6o/k77:DGvDUyRnHRKMdl1j3odF4v77

Score
10/10

Targets

    • Target

      Dangerous tool setup.exe

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
