General

  • Target: f4e12ccaabddc9024adda74dacadb681.bin
  • Size: 2.3MB
  • Sample: 240104-clfybaehhr
  • MD5: 4d68a75eddd8eed32a6b269beaaffe75
  • SHA1: d7dfd3e24ec43d384cffd92a09e883cdf8cc77ba
  • SHA256: 20b41d5a67097cc35f91a0a2c47857d556df939825465e5ac197dd1c5e33f71e
  • SHA512: f272ced6e6876f64a2b3f41cd5932aa91859f512499d4cbb7cd279f9d0bf6a4105b07c64523a38c9f20a6e764795c90e8d6d137b03b74b739dfeda76f233629b
  • SSDEEP: 49152:phdZso1XFaE+QwYv+gLp1+IagPsDo8Cc+rrfUIJOxN1lIYwiYevbYTnTt1nJtsyc:pfZso1kExLD+bb080rraxgiYevbYTTta

Malware Config

Targets

    • Target: 66694f7dcb467cd242471f76c58bc236c458761d22bcb4682a07605e0d7bd384.exe
    • Size: 2.4MB
    • MD5: f4e12ccaabddc9024adda74dacadb681
    • SHA1: 672e1c2b35cd863c6bcc281604893ec78f168cc5
    • SHA256: 66694f7dcb467cd242471f76c58bc236c458761d22bcb4682a07605e0d7bd384
    • SHA512: 8440b414f02769db73b07db6a5ae57f92b783a1694cd4ebae738771ffdb5656dd295a3235499e5f9401ff08584b8736bacff0848252f10b3bb55d492ac8725b9
    • SSDEEP: 49152:xLuYoz262V1lcg/2aRdbDwvDoo/LaKsc8hwwefPmynPnWiy2wf:Uz+blcg/2+dsjPq3g3P/y2s

    Signatures

    • Detect Lumma Stealer payload V4
    • Lumma Stealer: an infostealer written in C++, first seen in August 2022.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • AutoIT Executable: AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks