Overview

overview

10

Static

static

3

2024-04-24...er.exe

windows7-x64

1

2024-04-24...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-04-24_fd09d779314b96903f5e3ff6c27ce8d5_magniber

  • Size

    13.4MB

  • Sample

    240424-qt8vysag7x

  • MD5

    fd09d779314b96903f5e3ff6c27ce8d5

  • SHA1

    8edf0094f78382493b299992ab2d626e1abbf4c8

  • SHA256

    af14faa83ef43be891fd0e87d3cce5d37d90d372e8892b2a98c5eda8e67ca727

  • SHA512

    454854085073a214fd0642b786e4918aae9674e197a4dc1185de45b3bc31342d8f426a7ee2060cfb563c5daec4cec61a46058cc9be2d18040615f85aba5d530a

  • SSDEEP

    196608:dYAgzUvRdvzUGZkof8M3hBiIEo0LMkxa3VFVUPRE7Yrwr1rXrrr/rirur/rTrXrv:ZPvzfvf8MviIEooMsa3WM

Score
10/10
lummapersistencestealer

Malware Config

Extracted

Family

lumma

C2

https://palmeventeryjusk.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Targets

    • Target

      2024-04-24_fd09d779314b96903f5e3ff6c27ce8d5_magniber

    • Size

      13.4MB

    • MD5

      fd09d779314b96903f5e3ff6c27ce8d5

    • SHA1

      8edf0094f78382493b299992ab2d626e1abbf4c8

    • SHA256

      af14faa83ef43be891fd0e87d3cce5d37d90d372e8892b2a98c5eda8e67ca727

    • SHA512

      454854085073a214fd0642b786e4918aae9674e197a4dc1185de45b3bc31342d8f426a7ee2060cfb563c5daec4cec61a46058cc9be2d18040615f85aba5d530a

    • SSDEEP

      196608:dYAgzUvRdvzUGZkof8M3hBiIEo0LMkxa3VFVUPRE7Yrwr1rXrrr/rirur/rTrXrv:ZPvzfvf8MviIEooMsa3WM

    Score
    10/10
    lummapersistencestealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks