Overview

overview

10

Static

static

6

1099Misc233.pdf

windows7-x64

3

1099Misc233.pdf

windows10-2004-x64

3

Inbreukmak...29.exe

windows7-x64

10

Inbreukmak...29.exe

windows10-2004-x64

10

msimg32.dll

windows7-x64

3

msimg32.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lummastealer.7z

  • Size

    47.1MB

  • Sample

    241114-kxbrqszndp

  • MD5

    e99fbebe0759c6cd8390ab976fdf17ec

  • SHA1

    e687f523c97ac6bcf759804155d0be0847e51cfb

  • SHA256

    0ef4867f128468591782802663f6b6f49e404bc9949ce54fe385837565ca2efe

  • SHA512

    59c7a93c8f8a6808c76b8e5d37e55f720d8f87b8325b510cc19ebf4260d9518d421c57cb30185e11b191e8dbd042766b3300202b73c3133a01a25fa418fc8ade

  • SSDEEP

    786432:EYsnDjqDIwk9tqFU+O1yrGvl6ieAXhABaguQEJwrQtkZXWnZuOcSeFeGulwR0jJ8:ZsOk9MO7vlvXXSBaIEycKZmBKetw5iGx

Score
10/10
lummadiscoveryevasionpdfspywarestealer

Malware Config

Extracted

Family

lumma

C2

https://tamedgeesy.sbs

https://relalingj.sbs

https://rottieud.sbs

https://brownieyuz.sbs

https://explainvees.sbs

https://ducksringjk.sbs

https://thinkyyokej.sbs

https://repostebhu.sbs

https://manuejcruwhj.cyou

Extracted

Family

lumma

C2

https://manuejcruwhj.cyou/api

Targets

    • Target

      1099Misc233.inf

    • Size

      220.0MB

    • MD5

      daa153b1d4f8ecab0d0cab2911b89ce7

    • SHA1

      26eabfb2506d2a89c97ac1b4e19bac67493cf009

    • SHA256

      dcf81f648ee6d097226d3c885561c34bb22e738501e410410afce9787bd43009

    • SHA512

      016cda97b65730cc380d4120ce65d70cb0bb079b8c869d977887c53dc29276bc7949d9f7793750241551c3299c697ee1f643406d1cd5cb07132b42486f98b3da

    • SSDEEP

      3145728:k6lH+byk0ZggBznCh2HCea5bQ92NmDVr9XqnZGWp:

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      Inbreukmakend document verstrekt door BMG Benelux - De Brauw Blackstone Westbroek DH29.exe

    • Size

      6.1MB

    • MD5

      4864a55cff27f686023456a22371e790

    • SHA1

      6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

    • SHA256

      08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

    • SHA512

      4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

    • SSDEEP

      98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz

    Score
    10/10
    lummadiscoveryspywarestealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Lumma family

      lumma

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral3behavioral4

    • Target

      msimg32.dll

    • Size

      121.3MB

    • MD5

      23e13f7feabf1ff341023262b8f10beb

    • SHA1

      4e5eed88e032da77f0ef134facc513a132d89de1

    • SHA256

      7c1eff056bb1dd33ca5c05e453ca00e9573df2ccf88da9603a84da806ecd10d2

    • SHA512

      9ffb81f5a0db7d63aafe8e747eaa165c73c6e6d6f54d999c782a7b938aa7ac155ed91522131565c178a5dc1583d0f9cb92ae6e8f1e09a062aa24b0dae675f34d

    • SSDEEP

      1572864:iyEWnoJnhGFJ3EJSNveMrg1VSVL51HaCBTWVLsI9BfgZhgT2p4pBidR:ivYEJS8h+DZvmi

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks