General

  • Target

    cff5657843fe7039f6e15fbfdb8728b1b752d66503d0564dbe5b3bb4c567a529

  • Size

    6.1MB

  • Sample

    240421-fgzreaca31

  • MD5

    ff48ea9f90dadf5201438b1e9de131b9

  • SHA1

    0adcbf8ef9f00875d10f4851fb8a2c23def7d1a4

  • SHA256

    cff5657843fe7039f6e15fbfdb8728b1b752d66503d0564dbe5b3bb4c567a529

  • SHA512

    1b4ac86e1315d8fe471aaa33eef9cac4809d48e1b949c1d6adb268b4b75038f8b716faa95575f9c89d98172259d09bad2cc3a85ae709e02d2ea9449b9cfe7d22

  • SSDEEP

    98304:YNw/Xb1EVZoSip8lfNLtiyIaHgEPUD1J9IxAwST07NqWifSpO16eKMi+tt3HkDMi:NQgp8FvFHz491SsYQ6r5+tt3BWH9RzKo

Score
10/10

Malware Config

Extracted

Family

lumma

C2

Targets

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082