lumma | 1013ad1290523f5417ed789d11900f8ae804c0d81ed60af75684039fb06223b8 | Triage

Submit
Reports

Overview

overview

Static

static

3

f9bb522ae0...18.exe

windows7-x64

f9bb522ae0...18.exe

windows10-2004-x64

7

Sharing

General

Target

f9bb522ae0a4aa47a6d94bc99e215bb6_JaffaCakes118
Size

1.8MB
Sample

240419-hhrhjacb41
MD5

f9bb522ae0a4aa47a6d94bc99e215bb6
SHA1

665c41342fa5b963bb29fc78b27fd6798ceb3f4f
SHA256

1013ad1290523f5417ed789d11900f8ae804c0d81ed60af75684039fb06223b8
SHA512

6a16c60bb872ddfca4d522bd87ebee7010a135287923081a7bf93c3bd3e0805353c241f13634c86523a8e19958a4dd63c81bbbfa63b6a7ec33f67b949415ef8d
SSDEEP

49152:pJ2G79v/xSHzBJ6WC+j2bpW+6Q4GIPs7eBl3au:pJ2G7J/xSKWmbp9F4Gr

Score

10^/10

lumma metasploit backdoor evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f9bb522ae0a4aa47a6d94bc99e215bb6_JaffaCakes118.exe

Resource

win7-20240220-en

lumma metasploit backdoor evasion stealer themida trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

f9bb522ae0a4aa47a6d94bc99e215bb6_JaffaCakes118.exe

Resource

win10v2004-20240226-en

evasion themida

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  f9bb522ae0a4aa47a6d94bc99e215bb6_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  f9bb522ae0a4aa47a6d94bc99e215bb6
- SHA1
  
  665c41342fa5b963bb29fc78b27fd6798ceb3f4f
- SHA256
  
  1013ad1290523f5417ed789d11900f8ae804c0d81ed60af75684039fb06223b8
- SHA512
  
  6a16c60bb872ddfca4d522bd87ebee7010a135287923081a7bf93c3bd3e0805353c241f13634c86523a8e19958a4dd63c81bbbfa63b6a7ec33f67b949415ef8d
- SSDEEP
  
  49152:pJ2G79v/xSHzBJ6WC+j2bpW+6Q4GIPs7eBl3au:pJ2G7J/xSKWmbp9F4Gr
Score

10^/10

lumma metasploit backdoor evasion stealer themida trojan
- Detect Lumma Stealer payload V4
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies security service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummametasploitbackdoorevasionstealerthemidatrojan

behavioral2

© 2018-2024

Terms | Privacy