Extracted

• • Target

    Setup

  • Size

    154KB

  • MD5

    fbfe4e161a1f4a249fb5dd0b79755ca3

  • SHA1

    51e4dd8eb9b381a6385060f22fbb50016228b858

  • SHA256

    c384c2f5998845c9ab44484a3f8d8d0aa88b9cdb658d4e0250656354f1e351d7

  • SHA512

    a64ea7a919d833f01d14a249df3e99b2c2f762995459d508abcf20d4c9db1545c2c532b0674464a8f3e218781fe37feb660eebd2a90bdbc73be6244f3ec5d07c

  • SSDEEP

    3072:EIHm8ZyrTBcKLOuLLZaoA9V+hg3XcqyvMpzi70A7qqHpBelk:efLLZaoA9V+hg3XcqWMpzi70Auk

  Score

  10^/10

  lummaadwarediscoverypersistencestealer

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Manipulates Digital Signatures

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Modifies Installed Components in the registry

    persistence

  • Sets file execution options in registry

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Registers COM server for autorun

    persistence

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1