General

  • Target

    a22f400ce87664d7f5c214600509fcb3

  • Size

    228KB

  • Sample

    240224-svysgsgc8y

  • MD5

    a22f400ce87664d7f5c214600509fcb3

  • SHA1

    5a807ef099b4b71e7043d0380723becb98cb6f28

  • SHA256

    25534defb0d6daa1b4989a1aa4f4029b8333fbb31e67a90e96080bd7f365493c

  • SHA512

    874ab03464ae78e092c224c2356fbbaa15bb66e7d4fd95138ef36dcca75910aff1d80d8dcc7c01b63a493344a1b89c514e21eb6cc317541cc047293941d68d29

  • SSDEEP

    6144:OoEdkmu85Dq+3qM3W7tfQN5/inEaMadDKNa1aILk71:MkmDN6M3atfQunka1KNaTgJ

Malware Config

Targets

    • Target

      a22f400ce87664d7f5c214600509fcb3

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Modifies security service

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks