General

  • Target

  • Size

    113.1MB

  • Sample

    240706-y9v8ssvakh

  • MD5

    2e3e5073d22bbcd2f2b0bfea40c95f29

  • SHA1

    acc3917dd7d803e68475c966064bf60177934c78

  • SHA256

    c3030eb910a9a625cd7ccfb58c831efe98db82b6e20e294d101345c24c162a2e

  • SHA512

    bd8532d16d5e32763ae6e9f4aa1a3676226682edfab7b5a1efd132f5f76ce14a6bdf061271e02681818e1d55c1791e9e613677d6648075d1af61b51a4f5176e3

  • SSDEEP

    98304:jzGfaIjrga+OQlJMHIu5LKoo2A5FEtHU53KW1avHpgAE6H3ei3AaUi:QjP+OQlmyEUJ1avHe56XLAaU

Malware Config

Extracted

Family

lumma

C2

https://answerrsdo.shop/api

Targets

    • Target

    • Size

      113.1MB

    • MD5

      2e3e5073d22bbcd2f2b0bfea40c95f29

    • SHA1

      acc3917dd7d803e68475c966064bf60177934c78

    • SHA256

      c3030eb910a9a625cd7ccfb58c831efe98db82b6e20e294d101345c24c162a2e

    • SHA512

      bd8532d16d5e32763ae6e9f4aa1a3676226682edfab7b5a1efd132f5f76ce14a6bdf061271e02681818e1d55c1791e9e613677d6648075d1af61b51a4f5176e3

    • SSDEEP

      98304:jzGfaIjrga+OQlJMHIu5LKoo2A5FEtHU53KW1avHpgAE6H3ei3AaUi:QjP+OQlmyEUJ1avHe56XLAaU

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks