General

  • Target

    191d7ada02b0f6247d9d79c90dd1ba4f.exe

  • Size

    713KB

  • Sample

    240103-sd4x6sfdap

  • MD5

    191d7ada02b0f6247d9d79c90dd1ba4f

  • SHA1

    9ce95ee50035278f5f907564af7e6f3ac45aa0fb

  • SHA256

    d03f26bdb118df71987e9035ed71e095a5b28fbe3dde7828c3e5e3a0b9cb0a87

  • SHA512

    3538d7cc1947c96cb37cd45d61bb4e0ce499408a36a377fa1a5e73344bb0f51b60e0db4f1bb67e57c060bdb3f166ca45a61a27bfb35d5a65988a1cf2975dad6b

  • SSDEEP

    12288:PkyYv9AC+6zQ5Sac7WaCx/QeYJ6aAiOFUkmz+Ho7jAmcz3LWFYNXAxtyFLQy4mXw:PLghM5oRNAiO/27jczKONEwQy4mXeZU+

Score
10/10

Malware Config

Targets

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Modifies security service

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks