Overview

overview

10

Static

static

3

Setup.exe

windows7-x64

1

Setup.exe

windows10-2004-x64

10

python310.dll

windows7-x64

1

python310.dll

windows10-2004-x64

1

vcruntime140.dll

windows7-x64

1

vcruntime140.dll

windows10-2004-x64

1

x64/AzureK...ib.dll

windows7-x64

1

x64/AzureK...ib.dll

windows10-2004-x64

1

x64/BugReporter.exe

windows7-x64

1

x64/BugReporter.exe

windows10-2004-x64

1

x64/ComExtractor.exe

windows7-x64

1

x64/ComExtractor.exe

windows10-2004-x64

1

x64/HDHelp...1].exe

windows7-x64

1

x64/HDHelp...1].exe

windows10-2004-x64

1

x64/Micros...st.dll

windows7-x64

1

x64/Micros...st.dll

windows10-2004-x64

1

x64/Micros...ml.dll

windows7-x64

1

x64/Micros...ml.dll

windows10-2004-x64

1

x64/NvSter...1].exe

windows7-x64

1

x64/NvSter...1].exe

windows10-2004-x64

3

x64/VSLaun...1].exe

windows7-x64

1

x64/VSLaun...1].exe

windows10-2004-x64

1

x64/WinUiB...er.dll

windows7-x64

1

x64/WinUiB...er.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

x64/api-ms...-0.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample.zip

  • Size

    19.1MB

  • Sample

    240524-tphprabe8x

  • MD5

    4501d61ed00c1d8ac0a281d8951a0f31

  • SHA1

    6cf40207e325e8dfc504f5d2544050aa7581576d

  • SHA256

    2924ba5dbc28096149d847b2c6843d7978f034d620930d9cd93644f309b52ee2

  • SHA512

    d12ef5609d5733aaa23b8a61c2428158ccad19a73348f5a19f3fb00cc191c637b2dc483a2053db84b89dbae290f82cba42bfbae359581a1c68e21e42ce3d925c

  • SSDEEP

    393216:HMRnT5KgVCUO62mnCh4++5NVDs3Lf4wPelHgYIYDaDwu9rNBIoRFvUyDVOp:H2nTQxUOvph4++5s/PeZgPRjCyDA

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://evokeoutlooklits.shop/api

Targets

    • Target

      Setup.exe

    • Size

      94KB

    • MD5

      9a4cc0d8e7007f7ef20ca585324e0739

    • SHA1

      f3e5a2e477cac4bab85940a2158eed78f2d74441

    • SHA256

      040d121a3179f49cd3f33f4bc998bc8f78b7f560bfd93f279224d69e76a06e92

    • SHA512

      54636a48141804112f5b4f2fc70cb7c959a041e5743aeedb5184091b51daa1d1a03f0016e8299c0d56d924c6c8ae585e4fc864021081ffdf1e6f3eab11dd43b3

    • SSDEEP

      1536:9M/AhIxHHWMpdPa5wiE21M8kJIGFvb1Cwn/ZDs5yf:9M4SwMpdCq/IM8uIGfV/ZDso

    Score
    10/10
    lummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      python310.dll

    • Size

      4.3MB

    • MD5

      854459684e529745f811bb42efba70c4

    • SHA1

      9c4f1c5dc49f63f86c7dc94aa259f2cc2db1f04d

    • SHA256

      07a8f318d28220dda5373075d9a8d9846a0100a2029ade86240aad715a710ca9

    • SHA512

      8228d0052c0ff8eccae0347bb02a7dfd81b8e52d1142a23bfdc73123da7aa329db0224f050f587e1817ced9d02184f8e32348f178ef0f1fd8cfc52872f3de84f

    • SSDEEP

      49152:rExWM30WEuKdhbvd9aCLYjiNME9KnPdZkAMnu08MVc3MrOEJ8wwoJzlxy4I0mUHM:rEeV7bkwMVPZqHble0XHaMZqSH1Tze

    Score
    1/10
    behavioral3behavioral4

    • Target

      vcruntime140.dll

    • Size

      106KB

    • MD5

      49c96cecda5c6c660a107d378fdfc3d4

    • SHA1

      00149b7a66723e3f0310f139489fe172f818ca8e

    • SHA256

      69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

    • SHA512

      e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

    • SSDEEP

      1536:BcghDMWyjXZZIzpdbJhKm6Kuzu8fsecbq8uOFQr+zMtY+zA:BVHyQNdbJAKuzRsecbq8uOFvyU

    Score
    1/10
    behavioral5behavioral6

    • Target

      x64/AzureKeyVaultDgssLib.dll

    • Size

      373KB

    • MD5

      34ae0787cdfcb920753763251dcf83de

    • SHA1

      a41d5d58d21300e8418dbd354f46bba425fa9611

    • SHA256

      3eee708fdcc68fe76ac4cc7adba90201912c63cd815717f91a5eabba1170af0d

    • SHA512

      c8684bf3441fa5fb6a0e38df6bb9f728502e78f55eb9382ff168adab081440c37277497804fb1246a13e1f625aaa1858e39f62780c5c426edf3d825f9a739bc7

    • SSDEEP

      6144:UbJLUIAs2A/QRth5FMjvgQKMBTaJq+jqBTSMNGx6:UbJciQRth5FMjvg9MEJMFpGI

    Score
    1/10
    behavioral7behavioral8

    • Target

      x64/BugReporter

    • Size

      521KB

    • MD5

      29d33ee7f3fa0ee7f52ae96732c90f48

    • SHA1

      a781620a7bcff615d4dc64751b30287814200d13

    • SHA256

      b8b06487ee2c2f2a4ae25d1e7a08a9ce831539a529fe2ed0e8841e5f7c42de90

    • SHA512

      7b0076d73dc6ed561b8294ed7687f5d0d285b080b2f12bc49623690e32ccd6a2161232860f906aa151f04950587befae49793130f5f6e2ff13453a401862d856

    • SSDEEP

      12288:pFU4ZwXnyWu9wHXspsSlxuw2xyJGS3mrxWI7n3OqiHThrmotbY7rSrZWZlJmwJIH:pyellxAxyJGS3mrxWI7n3OqiHThrmotD

    Score
    1/10
    behavioral10behavioral9

    • Target

      x64/ComExtractor

    • Size

      618KB

    • MD5

      36848dd965ff265d696fff4f2d51935e

    • SHA1

      68c6390741c490adf2802c84e06a3b90a3c308ea

    • SHA256

      d66ee1d1e44feb03d7821062ce27e92da0fa78f7e47a451b7b1d4b94860dd309

    • SHA512

      6c3e9cdce928a78b9ea997954043ff82b2767a29b519116884e616b8aaa48668ccd051ed4607830bd7b59e32671e563939d180e576ae91752f854081b84b35af

    • SSDEEP

      12288:pRP0qhnnyfYZtOUdSK+jgsVGmzyg4J5EA:fP0DgsVzyJ5EA

    Score
    1/10
    behavioral11behavioral12

    • Target

      x64/HDHelper_[0MB]_[1].exe

    • Size

      566KB

    • MD5

      8a179892518a2c4e8a63afa91de7bdce

    • SHA1

      e9b095c966ccc4c4900b4cf741c067d2a0f43cd4

    • SHA256

      72ece91f65a461c5023695bf5f31b5b6b5bd629dba8407524e8144f6d1e160e8

    • SHA512

      91abb220c222a89a2df27818b8385b4015128a35b7d4c43d0f497717a4e5a55dfb9dc1da3f47a49a2400ea8300d41d52277331a6c7c3437ac5cb867a4027b220

    • SSDEEP

      12288:voJoMf8uSKkd/kAseRy/M96oQD08WjWYatid4TwzSxK/G8kHcL:CEKkd/wXMwoQJW6Ya5TwzUKeH8L

    Score
    1/10
    behavioral13behavioral14

    • Target

      x64/Microsoft.Toolkit.Win32.UI.XamlHost.dll

    • Size

      108KB

    • MD5

      1f4379d416af34033857bb439057cee0

    • SHA1

      a779714e9fe715aad9db2218a4b761ab77e873b9

    • SHA256

      98a87914e37600c7f97a27ca603a6b994dd51ffd390ce5b34e073939d258c2f4

    • SHA512

      cdaa3d8727e287eeaddfd58e04f292bd8daf7671a2942f99a023f31037cc8b76dce5c0566d6c0664b24403930bdd9396b27af208c313a28010e7eb9f850ba881

    • SSDEEP

      1536:WPiq7mAYLZ/kEglj55rEzGJT45rhh9esSTrXjnwVijXXyNGF1ZvLzmFiXxnBjYh2:6sxkEDGJk5rYk9Y

    Score
    1/10
    behavioral15behavioral16

    • Target

      x64/Microsoft.UI.Xaml.dll

    • Size

      6.1MB

    • MD5

      459d8921e7b6404ab89ab57a1f200166

    • SHA1

      43d3ba0c4df305ce8967099836f8c08474c67b19

    • SHA256

      b975c41251d70384635c81ba1bab34506ea4c4094237081bbf9ff4ca7c96a90e

    • SHA512

      95ef4c283357eef2a0ed53e4ab369f8df0b6f29b609c2d9cc603d1b22ad695c35ed47011cdccc46da5138960a6518d0ad85cb15b4fe4fde9efd00aaa30d9f053

    • SSDEEP

      196608:0gBQ4NrYqcJugX0trlbHJVI9vTUxL0zmqWYvz+A1QBuNmI7ei1L1:FBQOUqcJugX0trlbHJVI9vTUxL0zmqWi

    Score
    1/10
    behavioral17behavioral18

    • Target

      x64/NvStereoUtilityOGL_[1MB]_[1].exe

    • Size

      1.1MB

    • MD5

      017cd77d01314e72a973ff0c7882453d

    • SHA1

      288238159cf18418149f5cd3475a6ebb9f45a631

    • SHA256

      c2c71318a17f7f767e5d203d22b48f27eecae46a4f37082d7b413c51da6183b3

    • SHA512

      b1d4c87e7d8585c16aa50499398c9a04d90bcd32ab36fbf7a357bc15abce0cd802a259cc7431de9fe2ca77aa68298aab5041157308be4601f7f7aa0c3c180b03

    • SSDEEP

      24576:zCVnoQHgdFnJhVaqajA4+ubDaSKYqSpamUbSBe:zgnoFFnJjaqajA4+yaSK5SpamUbSBe

    Score
    3/10
    behavioral19behavioral20

    • Target

      x64/VSLauncher_[0MB]_[1].exe

    • Size

      281KB

    • MD5

      7a7bb3b0e57e4fb32c57b74e78e657ad

    • SHA1

      f1dee943b1b6238b1466d83325c4099d189cd4b5

    • SHA256

      87048cff2227d2901314760618d23917cfbc5cc15fc22dc355e803c5ee5fb211

    • SHA512

      ef0c9985b640189ed9991b301cfbf9771df961e1bf67bf68c5833667db53977c9745bcfb42e059d8bb5bcd7a88253a715d86f65612dccc33514ccda3baaf24c2

    • SSDEEP

      3072:Dawahjy56hh65Ndqp9ikqtPLy0gJmU/3j41IGvQC2mCILuCW+VoNDRUiuDhJoueT:dLlavj41nDlDOO9uunwiLWyIE2n

    Score
    1/10
    behavioral21behavioral22

    • Target

      x64/WinUiBootstrapper.dll

    • Size

      896KB

    • MD5

      290538fceae682f2cfc3580e01fa7d28

    • SHA1

      12df9dc416d48f90a5ee5648abd1479dcc5dc327

    • SHA256

      c0cfd5ecd4fa7c78eee91c4a2e7963e805513a88ad376772108b9b0c54bb8551

    • SHA512

      089986cfe48fbdc889322796d5b5721b0c5065cfde72516e3fb35024bbe5c3ed098c6b7dc0c459af732f96bc2f67c95435f6d9cbcd8941ac18b83ee54b27321b

    • SSDEEP

      24576:MpiGSL76HSy+SqfyJFE0yD3VDPItrsRmPrAF6dGUO9T:Mpj2GHSy+SqfyJFE0yD3VDPIhsAPrA4Q

    Score
    1/10
    behavioral23behavioral24

    • Target

      x64/api-ms-win-core-console-l1-1-0.dll

    • Size

      21KB

    • MD5

      0909e61c8c9c717976828f65c987e5f9

    • SHA1

      b5affabb8afda55ebb1f404edab69c6c239affe6

    • SHA256

      03ffdb036329a25beacf905d62611a13e3dfdda6cbd2d13af830258e8cf40ec0

    • SHA512

      7f78746e40da64631c08d0e173fbdeb40beed180932b42382d9f3ac0cdb4348d2a5b1c29770bb98f5d4823cfd66ecac2285afbcaf109f82c8b75c7711f10c49d

    • SSDEEP

      192:+OAWAhWeW4pICSjRof0cVWQ4GW/gYbOEU+9YX01k9z3AWB2c:+jWAhW82xlcdUOQGR9zBB2c

    Score
    1/10
    behavioral25

    • Target

      x64/api-ms-win-core-console-l1-2-0.dll

    • Size

      21KB

    • MD5

      6b33e6f1d77cec0901ea8e91473bc18b

    • SHA1

      a397d2c6aead0b3e57d413a8d4af7f28e67f4166

    • SHA256

      449631a3f5fadef72acc2c2f84765208d0ca014ec1fe93fb9ad805eec1d40eae

    • SHA512

      8f5214e38202719f6a7549b2b97ad24288974cfb6cf0da1e9eec5b3b2092220f2330a260b17e28afa90b90226666a765a4e64fe91107e2063cde8e285f64773b

    • SSDEEP

      192:p9qWAhWGW4pICSjRof0cVWQ4iWnYU7h+Il+jX01k9z3Az3TzRL:mWAhWk2xlcQtEjR9z83/RL

    Score
    1/10
    behavioral26

    • Target

      x64/api-ms-win-core-datetime-l1-1-0.dll

    • Size

      21KB

    • MD5

      2b4a3a51e075ab9819c6d6bc40efb4b5

    • SHA1

      bc52c10ded8b087c73229dc2f98714b5a368f521

    • SHA256

      d718e1b6c352112c2f8e36b4ba5ed28e6179257fd2fe944c4a0d404b5c15b5ae

    • SHA512

      13b07dc2247d51dad1ab9bc7df93e0d3e1bd6cc4fd16f9aff87ceffd40a56933d569a5fb82177dea7b6ea04ebf9f909f95451d123126155a13de6a85f747c592

    • SSDEEP

      192:JWAhWSWCYtvnVWQ4WWd/q+KKnAX01k9z3Adaoy:JWAhWtCqTKAR9zsao

    Score
    1/10
    behavioral27

    • Target

      x64/api-ms-win-core-debug-l1-1-0.dll

    • Size

      21KB

    • MD5

      607703b245d9b4fc69a8b5363ff626fa

    • SHA1

      dcf4626787ea220b19e08cc5bf9e55553a3a2aef

    • SHA256

      f65b1b3ea2767f98f0c29118e85b06f4e61654bec34b60b3abb593b24ec29af4

    • SHA512

      92d761f733f2c678946894ca72459b0e6dc62cd3abe1073653104689ab48c19603e6e1109c07b2f110822b424430f22d112f87c629b99d0b3ccc16e179549628

    • SSDEEP

      192:YWAhW+W4pICSjRof0cVWQ4GWk2QYIN5vCX01k9z3AiRDZXobo:YWAhWc2xlcSbUJCR9zdRFX1

    Score
    1/10
    behavioral28

    • Target

      x64/api-ms-win-core-errorhandling-l1-1-0.dll

    • Size

      21KB

    • MD5

      059129bae1776f03c59d3ba66a6f6dee

    • SHA1

      33b1dbcaba1d16eaf5413f1378119cecc1298724

    • SHA256

      a83af0f79abb5e5c818c6f38a38da80e531081f3255cb006ed4c29635cc0b9ce

    • SHA512

      6a7da7e58620bc1ce4b6d3cab1e0b746fc9fcf05a84d85931f845412301880786fbc63b31611d9442b5a1cfa72558966375ef14edc749473e2b7c988dd20b675

    • SSDEEP

      384:9f7xeiIFRWAhWWlReaLMB+6R9zqoHLdg5CG6:EFVros29zlacj

    Score
    1/10
    behavioral29

    • Target

      x64/api-ms-win-core-fibers-l1-1-0.dll

    • Size

      21KB

    • MD5

      9fa3992f5dac5ea5dfa15b9669c68154

    • SHA1

      a453fb6c4064da8c01ad03a4ea3c0434efe82635

    • SHA256

      9057131f628e547c14754d545140ad6544e64606358104da50841e9a1b03f442

    • SHA512

      ad73f3952dda55cfaa6a0d6a0233df785650f5965caa4859b6c1577e3fbd6020e60b4b26338387690cc48b16a186d2b530708a71d2671ab17ee8904399de292f

    • SSDEEP

      192:nWAhWqW4pICSjRof0cVWQ4GWGjwUBuvdOEU+9YX01k9z3AWW9q7fUV:nWAhWg2xlc7BulOQGR9zBaqjE

    Score
    1/10
    behavioral30

    • Target

      x64/api-ms-win-core-file-l1-1-0.dll

    • Size

      25KB

    • MD5

      817f9a76b7eadc1226b006ccbdd38a11

    • SHA1

      8b81897cdd4d48befa389c1df2d0b887ffeb58cb

    • SHA256

      99ed148ffbb35829480412dc64da6ad24dfabe2f9a0eff9ba1493455d7127677

    • SHA512

      53d8b2561862c6b2465665d761612aaa8b7adc887058260fbf970aac0fb006317283ada01468b1e042fd9dd44def90451793afee297ed787086645cebce45cd2

    • SSDEEP

      192:1NtaNYPvVX8rFTsfWAhWBW4pICSjRof0cVWQ4aWJLk4xOEU+9YX01k9z3AWBwCy:rPvVXBWAhWn2xlckOQGR9zBBwb

    Score
    1/10
    behavioral31

    • Target

      x64/api-ms-win-core-file-l1-2-0.dll

    • Size

      21KB

    • MD5

      e334f2fe1e0e6d5d6966f139ed328d97

    • SHA1

      68b2cd826f3dfa59531397ebb3f382dec9af5fe5

    • SHA256

      d56eae93c55abdc8eb77d132777049634e28a9b59fd4b2101d51351546b984d1

    • SHA512

      fb6ee02f06447c906a4353d93ce247e14a9a1ea4255819a88e395afe2e3775fe3aeb622b7a97d86086d88c739ba4d2e2fba9e8fd6467e167fc75d595c9182327

    • SSDEEP

      192:hsIkWAhWW7WCYtvnVWQ4OW0mOOt5equ/X01k9z3AFpYlQ:h9kWAhWWCK56/R9zgWy

    Score
    1/10
    behavioral32

MITRE ATT&CK Matrix

Tasks