General

  • Target

    58cf2363e116afaf132320fe2579d78b

  • Size

    731KB

  • Sample

    240113-nk839aaaf8

  • MD5

    58cf2363e116afaf132320fe2579d78b

  • SHA1

    7f68b0d58f850ab68cf959d451923643800a8eca

  • SHA256

    336281b66807e88877fd4765f219e2cb267113ef04bbcdc8dfcc57c49cb68729

  • SHA512

    eaccc8cc07c88da450eb1a8be57cb8d40de0fb319435fed4432a2c4e489c500b2bd44f9cdb4ba5164444ba78b6eea7006b982d9d2d71e4872068872d03e14237

  • SSDEEP

    12288:6k0Azc0YoCVw4xQHrPJ79mgGw/XLW+6Rr9CYBb4Th8FS25ZLtW:6pf0bCV9aHR0hw/Xu8esQXW

Score
10/10

Malware Config

Targets

    • Target

      58cf2363e116afaf132320fe2579d78b

    • Size

      731KB

    • MD5

      58cf2363e116afaf132320fe2579d78b

    • SHA1

      7f68b0d58f850ab68cf959d451923643800a8eca

    • SHA256

      336281b66807e88877fd4765f219e2cb267113ef04bbcdc8dfcc57c49cb68729

    • SHA512

      eaccc8cc07c88da450eb1a8be57cb8d40de0fb319435fed4432a2c4e489c500b2bd44f9cdb4ba5164444ba78b6eea7006b982d9d2d71e4872068872d03e14237

    • SSDEEP

      12288:6k0Azc0YoCVw4xQHrPJ79mgGw/XLW+6Rr9CYBb4Th8FS25ZLtW:6pf0bCV9aHR0hw/Xu8esQXW

    Score
    10/10
    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Modifies security service

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks