Overview

overview

10

Static

static

1

ZenSoft.rar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ZenSoft.rar

  • Size

    55.5MB

  • Sample

    230802-saaj6agc8y

  • MD5

    fef4366e62bbc29b01880c212ff07ba3

  • SHA1

    c1a3bcc637cf3b579e4cdee0b5ef586f88e781ba

  • SHA256

    674d55f7282748c12aef8e867cb48c13538a451285232d0f814748e4a2dde396

  • SHA512

    76f37b69e5a4f8e2014e8b5423e7fe6748c6b469f736a09325df6b463ccd6a68a96752616fbad2ad5200adeb1344daac1ee0b3699cbc0ff920cc9c72fec37ad3

  • SSDEEP

    1572864:LJxifPAc0/vMJtn+Ov2Ym3UTIR7SKvpYOCBePf/JhMAH:i0/vul+Ov2YmfdRviwXt

Score
10/10
lummapersistencespywarestealer

Malware Config

Targets

    • Target

      ZenSoft.rar

    • Size

      55.5MB

    • MD5

      fef4366e62bbc29b01880c212ff07ba3

    • SHA1

      c1a3bcc637cf3b579e4cdee0b5ef586f88e781ba

    • SHA256

      674d55f7282748c12aef8e867cb48c13538a451285232d0f814748e4a2dde396

    • SHA512

      76f37b69e5a4f8e2014e8b5423e7fe6748c6b469f736a09325df6b463ccd6a68a96752616fbad2ad5200adeb1344daac1ee0b3699cbc0ff920cc9c72fec37ad3

    • SSDEEP

      1572864:LJxifPAc0/vMJtn+Ov2Ym3UTIR7SKvpYOCBePf/JhMAH:i0/vul+Ov2YmfdRviwXt

    Score
    10/10
    lummapersistencespywarestealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks