lumma | 2a64743382f57d6e2ec30660f46c2a65a12c1b9c897260a07c8b30e971cee291

Resubmissions

25-04-2024 16:33

240425-t2tb1sce7t 3

25-04-2024 16:27

240425-tylg1acf24 10

Sharing

Copy URL

Twitter E-mail

General

Target

1INSTAlIER!____Pswrd---1231.zip
Size

227.6MB
Sample

240425-tylg1acf24
MD5

c0d0b88382f3d1ceab2caf451208815c
SHA1

77438735c0be3d8bf53f641d1ca12f276cf12893
SHA256

2a64743382f57d6e2ec30660f46c2a65a12c1b9c897260a07c8b30e971cee291
SHA512

44929f669a4553ab76ff8a4c44cfcf35c6dc2e8ab8bf455cb8a16d7fe600e36e1fd56b9606f05289eed3d9fae67438a998693324ec13eb8f574693d41c8d2ba4
SSDEEP

6291456:19kbMuUWemjuCwUrYmHbuCRHRI6l2QbsJWIdJd:1902nmjuCwUbuGHC6l3yWIZ

Score

10^/10

Malware Config

Extracted

Family

lumma

https://peanuearthflaxes.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Targets

- Target
  
  InstaIler.exe
- Size
  
  30.5MB
- MD5
  
  7f61125e107a2eb59123e61c9d5b5f5d
- SHA1
  
  b60da27ecd514fbf99532172c86c84eb0cf23545
- SHA256
  
  ebc797951823825f6fdf926dcd5d235f74df9069989baec669a13c500e751782
- SHA512
  
  7f09789c6a79df1305a3c78e20a79bee589b2bafc8273b3e086bc1166a5bdeb91948640832774477922c664863418c440fd4849561d08551d5ab6e0d1acd8e51
- SSDEEP
  
  196608:/ZS4A1fXbeokrAALKKI7IrfPme6Gy0pZXEh3eEB:RwfXbCrdKXsw0pZXi3B
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  amsvcp120.dll
- Size
  
  444KB
- MD5
  
  fd5cabbe52272bd76007b68186ebaf00
- SHA1
  
  efd1e306c1092c17f6944cc6bf9a1bfad4d14613
- SHA256
  
  87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
- SHA512
  
  1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5
- SSDEEP
  
  12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
Score

3^/10
behavioral2
- Target
  
  dll/libEGL.dll
- Size
  
  18KB
- MD5
  
  379358b4cd4b60137c0807f327531987
- SHA1
  
  b0a5f6e3dcd0dbc94726f16ed55d2461d1737b59
- SHA256
  
  0ff1d03926f5d9c01d02fae5c5e1f018a87d7f90a1826de47277530bfc7776f8
- SHA512
  
  097c08135d654596a19ada814ad360a8c2374d989cbd7094c6acb092e9854abf1f1d878d3da72b66c4c75806586bee7fe04d555a1d82db170725bdbeadea7d50
- SSDEEP
  
  384:rLyPunoshzdtnbuH0aXOk0GfZh5g+zCxU:rLy7s5dJuHHOqhyy
Score

1^/10
behavioral3
- Target
  
  dll/ssleay32.dll
- Size
  
  270KB
- MD5
  
  df38eb2002e5979e57babf8b4f6a2f82
- SHA1
  
  219d5837f6461688122d637bf67f041fc6c19aac
- SHA256
  
  5c2f10a772edfbeef8a5261b8677e68c4194cb87f3cb9bc319c8da75cfaefa3f
- SHA512
  
  da4b6ec820f5886102577a7e98187ed45165ee5373504fb4f610cfb47eb2ad6e0b75d868464df4ee8b97f506c2f493a1d3bf029c184c08b311dbc1b76c2a37f6
- SSDEEP
  
  6144:0xnT+R40IInTyFxvYlBtCikIK3gb/VuLXyJxm11VMaorgpa7ivoQXoYwWAaHeeT6:6nKR40IInTyFxvY3tCikIK3gb/VECJxD
Score

1^/10
behavioral4
- Target
  
  files/libs/Qt5Core.dll
- Size
  
  4.5MB
- MD5
  
  b4f2c1be9ac448fdbb6833b0fba3bb75
- SHA1
  
  e34496261619f6dc70efd08b0f3c9c73b3dfee50
- SHA256
  
  7ab15d298cdd7185f2cceae2613715c54a54861fa788bb2de3d152eceb484288
- SHA512
  
  be478f77214590ffe6360ee4b9e3c20e45d5281973cfbd502674dbdfb5afe62ec9b0ae06418f4523dd73fa4573d92c52100cf5c3b730ae1bc8ff3f34d8e1860f
- SSDEEP
  
  98304:0dS/SBS/PayG3fVkp9PJsv6tWKFdu9CPDB:/wfVUPJsv6tWKFdu9CPN
Score

3^/10
behavioral5
- Target
  
  files/libs/libEGL.dll
- Size
  
  18KB
- MD5
  
  379358b4cd4b60137c0807f327531987
- SHA1
  
  b0a5f6e3dcd0dbc94726f16ed55d2461d1737b59
- SHA256
  
  0ff1d03926f5d9c01d02fae5c5e1f018a87d7f90a1826de47277530bfc7776f8
- SHA512
  
  097c08135d654596a19ada814ad360a8c2374d989cbd7094c6acb092e9854abf1f1d878d3da72b66c4c75806586bee7fe04d555a1d82db170725bdbeadea7d50
- SSDEEP
  
  384:rLyPunoshzdtnbuH0aXOk0GfZh5g+zCxU:rLy7s5dJuHHOqhyy
Score

1^/10
behavioral6
- Target
  
  files/libs/libeay32.dll
- Size
  
  1.1MB
- MD5
  
  67130d64a3c2b4b792c4f5f955b37287
- SHA1
  
  6f6cae2a74f7e7b0f18b93367821f7b802b3e6cf
- SHA256
  
  7581f48b16bd9c959491730e19687656f045afbab59222c0baba52b25d1055be
- SHA512
  
  d88c26ec059ad324082c4f654786a3a45ecf9561a522c8ec80905548ad1693075f0ffc93079f0ef94614c95a3ac6bbf59c8516018c71b2e59ec1320ba2b99645
- SSDEEP
  
  24576:CBULPHc9UKJayhv6uaDGXcRY0Pt4eY/qL6I4tPxVCBfe6w:L09UpyuDMaoHI4tPxV56w
Score

1^/10
behavioral7
- Target
  
  files/libs/msvcp120.dll
- Size
  
  444KB
- MD5
  
  fd5cabbe52272bd76007b68186ebaf00
- SHA1
  
  efd1e306c1092c17f6944cc6bf9a1bfad4d14613
- SHA256
  
  87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
- SHA512
  
  1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5
- SSDEEP
  
  12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
Score

3^/10
behavioral8
- Target
  
  files/libs/msvcr120.dll
- Size
  
  948KB
- MD5
  
  034ccadc1c073e4216e9466b720f9849
- SHA1
  
  f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
- SHA256
  
  86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
- SHA512
  
  5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7
- SSDEEP
  
  12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
Score

3^/10
behavioral9
- Target
  
  files/libs/opengl32sw.dll
- Size
  
  14.5MB
- MD5
  
  3bd5aea364326cdfa667651a93e7a4c9
- SHA1
  
  f33b4a83e038363c1a4df919e6f6e0e41dba9334
- SHA256
  
  23f04ba936568e9a7c9dce7a6beb52c9be7eb13b734cd390c99e7546cbe1973d
- SHA512
  
  7bd4e742b4d683b79de54eaf7d8b215252212921b8a53d1fbfc8e51ce43505c003da62fd126663bc04bbc65b8f77b85232c78ea6ecba8a4e425c28c0e9c80dc3
- SSDEEP
  
  393216:00Rly5ZnSHLe1tvwDTtwJuefdrX780dNYbg4A358TjGNrS1aKbBICZBSJLGWIGC2:NRlyP71tvwDTtwJuefdrX780dNYbg4Az
Score

1^/10
behavioral10
- Target
  
  files/libs/ssleay32.dll
- Size
  
  270KB
- MD5
  
  df38eb2002e5979e57babf8b4f6a2f82
- SHA1
  
  219d5837f6461688122d637bf67f041fc6c19aac
- SHA256
  
  5c2f10a772edfbeef8a5261b8677e68c4194cb87f3cb9bc319c8da75cfaefa3f
- SHA512
  
  da4b6ec820f5886102577a7e98187ed45165ee5373504fb4f610cfb47eb2ad6e0b75d868464df4ee8b97f506c2f493a1d3bf029c184c08b311dbc1b76c2a37f6
- SSDEEP
  
  6144:0xnT+R40IInTyFxvYlBtCikIK3gb/VuLXyJxm11VMaorgpa7ivoQXoYwWAaHeeT6:6nKR40IInTyFxvY3tCikIK3gb/VECJxD
Score

1^/10
behavioral11
- Target
  
  files/libs/wsecedit.dll
- Size
  
  728KB
- MD5
  
  5b435dd52f8ec70625de80a5104a9b5e
- SHA1
  
  8fcc3067fd11b492d147d868ba5c536a44469b3f
- SHA256
  
  09c60a853785f1939a53fe78947513ab70041e615b043e51cec8dd575955d7fa
- SHA512
  
  14e712c6f69a3f876d92bcf1733eadbddcf7a391e932afe8677c669c8b962592224a130d46c1093dd9cadf3d5be86c7fff1e4f7e874086a4590e0220a12fd6bb
- SSDEEP
  
  12288:YAtJQuH/hqzxw90bajs25YFHWP4k8Rl7/IZyw9KnXh+:9tT/hqW90dFHWd8rwMnX
Score

1^/10
behavioral12
- Target
  
  files/libs/wsepno.dll
- Size
  
  87KB
- MD5
  
  d26c0e76bb8b80ce89f0da6bb2af273f
- SHA1
  
  dfade2179dfd8fe0ee15a63d6c48853e03f59c87
- SHA256
  
  6bc997b73b82825b0f5fa45da49569c22cd57dab4f3bc976bb9ef90b17a47048
- SHA512
  
  6d9b7d0237e1bf4e4766dfae3d3e9b8701e34b41c8fcff255841aa7b64738893ab356fb356ce93f7a3f166af4df43f336e9b617c158ce12d474ac0aa2b3f4f20
- SSDEEP
  
  1536:GVjygv90mPuLRTL3vtZFIaoSAJgT0gSn7+KS7+OQGz8JgWpMtJC:UX9LMvZkSAJ+Sn7+XCO9WgWOt0
Score

1^/10
behavioral13
- Target
  
  files/libs/wshbth.dll
- Size
  
  62KB
- MD5
  
  5d45b3c64d79c5120f4c48b4d77cf99d
- SHA1
  
  7dbbc2da9998a00f9cb4c0e45a1a093d2e3149c5
- SHA256
  
  facab1fb45cc5689d131b17dc094a4e44068f00c2d447bb78cb74e880cb004c6
- SHA512
  
  02544affffe2c2429a733377ce601a7365661c03c27721f6a359f71345142f7b92bdbea17bb2cfaa2bc195e85ac329563fbc919a5f6ea8050b9846d0c7b6bf48
- SSDEEP
  
  768:LBl+9xnr1+SPhLTFZwc7LLuIs3hY3Gg4ncaLR7WXMWqGo+X7SRgEDjrBBzSa/WTR:qzxFZPsa54c8OqgX7SPt/k87XPK
Score

1^/10
behavioral14
- Target
  
  files/libs/wshcon.dll
- Size
  
  24KB
- MD5
  
  6ed26eb99845c26452cc761b644d31b7
- SHA1
  
  48a260c424d8de906d8f30f2ab65e776a05827a7
- SHA256
  
  7e2f590e58a32873864f44ccb5d43547970a7ee8437667736e00460ead96a23f
- SHA512
  
  f2ccee91a8010b8fa9a9610ae6f8c5093c1d002f36ca0a6e41750b5672358659fb72626713537949fc4f3f741efb332dac5f759b7dc1b27029122f04a2330b36
- SSDEEP
  
  768:0tfil4NzBq+vRNw4DXAhiAaTpyAWaFnx5RFYi2:kBq+vbw2XAhiAaTUXaNxXFYi2
Score

7^/10

persistence
- Registers COM server for autorun
  persistence
behavioral15

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Suspicious use of SetThreadContext

Registers COM server for autorun

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15