Overview

overview

10

Static

static

3

levelcompu...er.exe

windows7-x64

7

levelcompu...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    levelcomputer.zip

  • Size

    192.4MB

  • Sample

    230825-v21lrsff7x

  • MD5

    74d03d288cc198e4f6fa230796375d2b

  • SHA1

    238b730dcbbccab6d8aa785822ea9431177820e4

  • SHA256

    96f35b8f39ac3630a9c58f2621bb0cfce873b69c5a1c2a40612130076e07a533

  • SHA512

    8241b6e5df937ff02a681e6adf2eee7ea6ef43bcb4ee3e1e8ca1a64d340024bf03642e00caad882f4b67ca4d333185b98174d3bc37987be6e95cf3cb1b98dff9

  • SSDEEP

    6291456:lh6R2N0ql+RPOPSTyA4BgxFTiNZtibKjADZ:lQR2KDPuSTCgxFWZUKy

Score
10/10
lummapersistencestealer

Malware Config

Targets

    • Target

      levelcomputer/levelcomputer.exe

    • Size

      192.4MB

    • MD5

      760e4dfcad56f67f80ec4b2def63de69

    • SHA1

      0af7b525ac681f37e6e2d80864a5884d1ff76711

    • SHA256

      86a046300c03712f3d07e9c0e50369937b77a7e8183f3e40574da5de7fc5ce6e

    • SHA512

      bdfeb7e1ce7dc861c853708675024f16ef301081f1cb1e8dc31d7f772d8950984b13e973fbbf1d5ca9b10a28b3e8d6de4da5ef33a6f729be462d2d7119acc705

    • SSDEEP

      6291456:RwNK18un4nZCbavGsedutVPsHdPa1UlcF:6NK6tZ6avyutVmd0U

    Score
    10/10
    persistencelummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks