lumma | 84537b3be0537542f894d4885cc18e7cc284c6ecce239ed0337ced63f83699e0 | Triage

Submit
Reports

Overview

overview

Static

static

7

GOG_Galaxy...II.exe

windows7-x64

GOG_Galaxy...II.exe

windows10-2004-x64

out.exe

windows7-x64

out.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

GOG_Galaxy_Crusader_Kings_II.exe
Size

495KB
Sample

230615-y2f4xaah7s
MD5

519020bb4341ffa2b1ee1e64217518f6
SHA1

b8c040c7ecbe2e1602d5adcd187bb36f8fcfac0c
SHA256

84537b3be0537542f894d4885cc18e7cc284c6ecce239ed0337ced63f83699e0
SHA512

5450c3610bb67009bff5c8dc3f3568242555aed7de62f11b4e9af2384a6efae453536b664a0621d4837166c0d3fc43d4e65901af940d5551a4414702674dc0cd
SSDEEP

12288:EVJ0MMxVAwKu36IwU+VLM8zuW7NPX2+r5E:oOMMxj/x+lLiW5f5ru

Score

10^/10

lumma discovery evasion persistence stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

GOG_Galaxy_Crusader_Kings_II.exe

Resource

win7-20230220-en

lumma discovery evasion persistence stealer trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

GOG_Galaxy_Crusader_Kings_II.exe

Resource

win10v2004-20230220-en

lumma discovery evasion persistence stealer trojan upx

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral3

Sample

out.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

out.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  GOG_Galaxy_Crusader_Kings_II.exe
- Size
  
  495KB
- MD5
  
  519020bb4341ffa2b1ee1e64217518f6
- SHA1
  
  b8c040c7ecbe2e1602d5adcd187bb36f8fcfac0c
- SHA256
  
  84537b3be0537542f894d4885cc18e7cc284c6ecce239ed0337ced63f83699e0
- SHA512
  
  5450c3610bb67009bff5c8dc3f3568242555aed7de62f11b4e9af2384a6efae453536b664a0621d4837166c0d3fc43d4e65901af940d5551a4414702674dc0cd
- SSDEEP
  
  12288:EVJ0MMxVAwKu36IwU+VLM8zuW7NPX2+r5E:oOMMxj/x+lLiW5f5ru
Score

10^/10

lumma discovery evasion persistence stealer trojan upx
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  out.upx
- Size
  
  973KB
- MD5
  
  f028828edbb205114fe841dd54468938
- SHA1
  
  008d56d71deee5f2c43214d53dee3b7561a78a37
- SHA256
  
  b0231e8fc0fb95a26372da2c690249be2947738e252cec0d746f456532431578
- SHA512
  
  b2f6434ba488a723321e34a5423ec8a97db137634261041cb2afaeb2494ee728a81a1836fc4183efe81bbe2a6ad29460960a63de4700ddf8fb9bf96fac962ebb
- SSDEEP
  
  24576:ana6hN7a3KpChGFyZThAoNHip0xm1LEcw1Df5ruHDY2aS:a7a3KpChGFyZFbwpr1Clf5rNS
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryevasionpersistencestealertrojanupx

behavioral2

lummadiscoveryevasionpersistencestealertrojanupx

behavioral3

behavioral4

© 2018-2025

Terms | Privacy