Extracted

• • Target

    2a7c7e04a56153889550910aa2213bc54bd557dff8156d816dc0f9afc28c89a5.exe

  • Size

    993KB

  • MD5

    ef60acf75c0376b0b966fa79c0eb3b7b

  • SHA1

    f34dadc470f90762605ace8d79639dcb7cfb6457

  • SHA256

    2a7c7e04a56153889550910aa2213bc54bd557dff8156d816dc0f9afc28c89a5

  • SHA512

    2055775b4177bd838e5a64ffe9b9acc13e9948df8cf0d7698edcce030ea351cb74e0901826e20868fd78aa2ee4f463658d6320cd0e8e35b09a35f66ca82c8241

  • SSDEEP

    24576:WMzyQW5NWooWo7lnCV01bmqFOmu4tVoLtGJL7BpWT:MZN9oWoRnCq1K0OmvVrL7iT

  Score

  10^/10

  lummastealer

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2