lumma | 05263375ffe64e8586c78e8e435007bff1f2a42684d48378eee68c07ba54a80e

General

Target

277f441499c1fb9ddf4d462c3b443b9e
Size

4.2MB
Sample

231231-epwt2sfhaj
MD5

277f441499c1fb9ddf4d462c3b443b9e
SHA1

5cf5da3598e4cf139f6e6ffb9a4d32e49ac9321a
SHA256

05263375ffe64e8586c78e8e435007bff1f2a42684d48378eee68c07ba54a80e
SHA512

0ce74ab987eaf7371f79c22afcc16e319781ee7a7fcdcd995fff402788fbaa0e132df529db6e804549556f332ad8d8828e48b7ca8b27a7da22feadc21c09f871
SSDEEP

98304:pKHcMsDndy6iiHrjZE2/mkCUGP18szyTJr:w8dDlNLjpmkC/18ouJr

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  277f441499c1fb9ddf4d462c3b443b9e
- Size
  
  4.2MB
- MD5
  
  277f441499c1fb9ddf4d462c3b443b9e
- SHA1
  
  5cf5da3598e4cf139f6e6ffb9a4d32e49ac9321a
- SHA256
  
  05263375ffe64e8586c78e8e435007bff1f2a42684d48378eee68c07ba54a80e
- SHA512
  
  0ce74ab987eaf7371f79c22afcc16e319781ee7a7fcdcd995fff402788fbaa0e132df529db6e804549556f332ad8d8828e48b7ca8b27a7da22feadc21c09f871
- SSDEEP
  
  98304:pKHcMsDndy6iiHrjZE2/mkCUGP18szyTJr:w8dDlNLjpmkC/18ouJr
Score

10^/10

lumma metasploit backdoor evasion stealer themida trojan upx
- Detect Lumma Stealer payload V4
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Lumma Stealer payload V4

Lumma Stealer

MetaSploit

Checks computer location settings

Executes dropped EXE

Identifies Wine through registry keys

Loads dropped DLL

Themida packer

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2