General

  • Target

    a4e3087914d632a9eed8598b635934d4

  • Size

    201KB

  • Sample

    240225-3m18ragc51

  • MD5

    a4e3087914d632a9eed8598b635934d4

  • SHA1

    51f1a7237e62d3e39f6cd16264fe8466e0345e7f

  • SHA256

    e928c5a73ba10e696b2c332c7034b3680363dd54fbee53f75f834858c00af4d6

  • SHA512

    f14e6049c39a84d4f59e8dabb60001098a9b232197dca0e20be748bcea31fd4249579d1d3870548aab88037774c4c6d9bf446aa66cc1d0eb1eb82ae0e61a8d33

  • SSDEEP

    6144:hS2rqqsQdAfYmbPH2DVJ0vmzwvP6bQ7yMP+DE827bn6x:sZqtAI6vH6b7MP+Dd2/W

Malware Config

Targets

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Modifies security service

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks