General

  • Target

    dhhIdA.exe

  • Size

    66.0MB

  • Sample

    230918-wm5gvadg78

  • MD5

    52da46f946d207163f9eb4f7b06a7d94

  • SHA1

    94023200ce3be39cf153bb63ada70f6f3e909edd

  • SHA256

    61ce2b1aa16abfbfc96d9d150e0d1611dfc54b59445630e1522587f11872b9c0

  • SHA512

    ca483500b606d570a292c72041a8201d808405d0eb13199b1399d3f08840db03f5057f07cd321e5272ad87140ecc218cb0b4fc27785bb0526ebc8329515b66be

  • SSDEEP

    1572864:YrziNx5qilZeScj+E4OGHCBJKZ2LHQUEebzuTgs5eiPFU7:zx5qiKNJ4EPKSHXKgCeUFU7

Score
10/10

Malware Config

Targets

    • Target

      dhhIdA.exe

    • Detect Lumma Stealer payload V2

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks