Overview

overview

10

Static

static

3

c9bc11b075...9b.exe

windows7-x64

10

c9bc11b075...9b.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c9bc11b07561209f9c71d7cc726d479b

  • Size

    692KB

  • Sample

    240314-12p3xsgg2x

  • MD5

    c9bc11b07561209f9c71d7cc726d479b

  • SHA1

    7172e904616dedf5c9e7183287b9b6b820b58ed6

  • SHA256

    2211b6aa3caac280e7024181baefd32f93fbd4d72287871884f044613deaeeb9

  • SHA512

    60c48c8afa764c19b739e542b7615ff459098a68533715ac4fbcd11e449b43c48d39d248fcf1f4b1feea5957eab5cd56a7c1c30ef48846b848c1bfd1b86fe20d

  • SSDEEP

    12288:0FS7oiFa42QuRdNxeylME3ZWIm241D9FMhY1JRib1XLDLWoshedyHb0hAGommL6r:07iA43OZOE0I3IGYHUNIhedy7QAGoJo

Score
10/10
lummaevasionstealertrojan

Malware Config

Targets

    • Target

      c9bc11b07561209f9c71d7cc726d479b

    • Size

      692KB

    • MD5

      c9bc11b07561209f9c71d7cc726d479b

    • SHA1

      7172e904616dedf5c9e7183287b9b6b820b58ed6

    • SHA256

      2211b6aa3caac280e7024181baefd32f93fbd4d72287871884f044613deaeeb9

    • SHA512

      60c48c8afa764c19b739e542b7615ff459098a68533715ac4fbcd11e449b43c48d39d248fcf1f4b1feea5957eab5cd56a7c1c30ef48846b848c1bfd1b86fe20d

    • SSDEEP

      12288:0FS7oiFa42QuRdNxeylME3ZWIm241D9FMhY1JRib1XLDLWoshedyHb0hAGommL6r:07iA43OZOE0I3IGYHUNIhedy7QAGoJo

    Score
    10/10
    lummaevasionstealertrojan

    • Detect Lumma Stealer payload V4

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Modifies security service

      evasion

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks