lumma | b20a53ffbf2785cb8d8e2ff5880fd450188547a7474447c018305897fe2a29c8 | Triage

Sharing

General

Target

0505e8af25b9fa72e1608eaf54a07d18_JaffaCakes118
Size

211KB
Sample

240428-mw6xladh97
MD5

0505e8af25b9fa72e1608eaf54a07d18
SHA1

ec57f317404bd4675e60a59fb0b836bdff9be52d
SHA256

b20a53ffbf2785cb8d8e2ff5880fd450188547a7474447c018305897fe2a29c8
SHA512

130c01746f10834c9cfec32d4e387550635cbc94d841615dddb5bb6ea5c622179a97532df0b74c287e69f564b7e1591ed0df5613b8e5ce7a084adf2b003d2c02
SSDEEP

3072:LY+vlv/baAjglQX4YWYpRq/vk1waTlFX106xo46CaZiQm6zh6uJhoK4:U+vlv/hbCYAOTjy6x/6Cam6zcuJho

Score

10^/10

lumma evasion stealer

Malware Config

Targets

- Target
  
  0505e8af25b9fa72e1608eaf54a07d18_JaffaCakes118
- Size
  
  211KB
- MD5
  
  0505e8af25b9fa72e1608eaf54a07d18
- SHA1
  
  ec57f317404bd4675e60a59fb0b836bdff9be52d
- SHA256
  
  b20a53ffbf2785cb8d8e2ff5880fd450188547a7474447c018305897fe2a29c8
- SHA512
  
  130c01746f10834c9cfec32d4e387550635cbc94d841615dddb5bb6ea5c622179a97532df0b74c287e69f564b7e1591ed0df5613b8e5ce7a084adf2b003d2c02
- SSDEEP
  
  3072:LY+vlv/baAjglQX4YWYpRq/vk1waTlFX106xo46CaZiQm6zh6uJhoK4:U+vlv/hbCYAOTjy6x/6Cam6zcuJho
Score

10^/10

lumma evasion stealer
- Detect Lumma Stealer payload V4
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Modifies security service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lummaevasionstealer

behavioral2

lummaevasionstealer