General

  • Target

    62dc8a1d0089e9a613f1d8b5200ea663

  • Size

    229KB

  • Sample

    240117-r134qahbal

  • MD5

    62dc8a1d0089e9a613f1d8b5200ea663

  • SHA1

    acfac3225fb90398f9c3688016caaf75809595be

  • SHA256

    ef901c2cee93ea299485c4411ce2e17eada697bc1bb8c839efd2c50a4bddd8e9

  • SHA512

    eb33a5fe1af67b43d13bf5fda1ba97510e9ce52487ba035338db7aca09ca081bb9dd2a81f58761999ed32725c5c91f70aa46c09c2b3aebd69ac2f4f4c004f133

  • SSDEEP

    6144:JoEdkmu85Dq+3qM3W7tfQN5/inEaMadDKNa1aILk71:ZkmDN6M3atfQunka1KNaTgJ

Malware Config

Targets

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Modifies security service

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks