Overview

overview

10

Static

static

3

3f843f9cf9...47.exe

windows7-x64

1

3f843f9cf9...47.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047.zip

  • Size

    232KB

  • Sample

    240402-mqma1afh66

  • MD5

    6289b09f4051771003e982bba9ce0bc5

  • SHA1

    8503bbca552a53956b7f982539397bd15b8498ea

  • SHA256

    d5dda89060c1331ba083be2555ac0a63a5c4bcd56dec9aa40bd4f325439140e5

  • SHA512

    b740962542cab6410cffafe5c6c1d785bdc9ce68d3a0cfdbbafa8896b740f6b996d6c192fd6a4a9d2618d5a8e496d1ca1d8dd0ef4d8974b93619ea509276afc5

  • SSDEEP

    6144:IOYztZqguyP/+eB/PiLJEZKpXZqtUpTasWOGuUpwDpIrcw:FYztZqguyP/v/P2UKpXZXHSuDar9

Score
10/10
lummadiscoveryspywarestealer

Malware Config

Extracted

Family

lumma

C2

https://wagonglidemonkywo.shop/api

Targets

    • Target

      3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047.exe

    • Size

      319KB

    • MD5

      30732747ca33bd37a757c90aada0c604

    • SHA1

      b175606037f75bc349b5221aa999334d961c471b

    • SHA256

      3f843f9cf9346c56f29bceee03b9512d84a92bd94b7b6f4ee668bc4a6e3f8047

    • SHA512

      a672d0d573a3cb2fcb06db975ae3d34ae820f7c14c8e6ce24a1d63da511ff7bb3aaeb331026441729e3def6a9625e444b36e6b2a7d76072ebf08a6e5416980a1

    • SSDEEP

      6144:DuTgT9kw0NZk9gAGkgAcYjd56miof1AjoM0kkrBS9F:JTKw4ZWg6cYjd55ih8RkkrAF

    Score
    10/10
    lummadiscoveryspywarestealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks