Extracted

• • Target

    c210363cbccbc72e12118622bbbc7083.exe

  • Size

    144KB

  • MD5

    c210363cbccbc72e12118622bbbc7083

  • SHA1

    0305709f74dfee6377f62fa67f5addabcd00efea

  • SHA256

    e190e4156d84f4311c5a4b10471bc3465847d6f8aee11a3d7598ca70733a0b71

  • SHA512

    096cffcfd01e4685893c3e0c606cccab813b4c967f92b70b985fd958e8c49830e17719b60922c3328a792e6add315cc590f6a935735dac38eeadb734af284bdc

  • SSDEEP

    3072:TahKyd2n31ZC5NfvRC5Xv5lX+RXcMNAUjc3dfPRjTyHDn:TahOPKRk/+RXRjsPRa

  Score

  10^/10

  persistencelummadiscoveryspywarestealer

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Executes dropped EXE

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2