lumma | 3460995cacd089f4b618913c13d6e9b54ab406c4f46bcfde7fa3026435c8aa0c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3460995cacd089f4b618913c13d6e9b54ab406c4f46bcfde7fa3026435c8aa0c.exe
Size

16.1MB
Sample

240708-bfbkzaxcmh
MD5

afa41e5a1914ee187bc78de8387f56d2
SHA1

64a373ce5b290a2ef6437b234a103b10edf24af7
SHA256

3460995cacd089f4b618913c13d6e9b54ab406c4f46bcfde7fa3026435c8aa0c
SHA512

bf819c023bc923039ed1634b6e29f3e1ba8d86d5159e05eb3a92b339fbacd384f38be3d12abf1341ed9e723b66cfcb5bd47aa057644d5d190834f412c3ae7d5b
SSDEEP

98304:jzGfaIjrga+OQlJMHIu5LKoo2A5FEtHU53KW1avHpgAE6H3ei3AaUi:QjP+OQlmyEUJ1avHe56XLAaU

Score

10^/10

lumma execution persistence spyware stealer

Malware Config

Extracted

Family

lumma

C2

https://answerrsdo.shop/api

Targets

- Target
  
  3460995cacd089f4b618913c13d6e9b54ab406c4f46bcfde7fa3026435c8aa0c.exe
- Size
  
  16.1MB
- MD5
  
  afa41e5a1914ee187bc78de8387f56d2
- SHA1
  
  64a373ce5b290a2ef6437b234a103b10edf24af7
- SHA256
  
  3460995cacd089f4b618913c13d6e9b54ab406c4f46bcfde7fa3026435c8aa0c
- SHA512
  
  bf819c023bc923039ed1634b6e29f3e1ba8d86d5159e05eb3a92b339fbacd384f38be3d12abf1341ed9e723b66cfcb5bd47aa057644d5d190834f412c3ae7d5b
- SSDEEP
  
  98304:jzGfaIjrga+OQlJMHIu5LKoo2A5FEtHU53KW1avHpgAE6H3ei3AaUi:QjP+OQlmyEUJ1avHe56XLAaU
Score

10^/10

lumma execution persistence spyware stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Power Settings

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummaexecutionpersistencespywarestealer