lumma | e4b3eb482bd3d7c29067eacd1e52a0256e49cc1560889822f81f34202c6bd6e5

Sharing

Copy URL

Twitter E-mail

General

Target

e4b3eb482bd3d7c29067eacd1e52a0256e49cc1560889822f81f34202c6bd6e5.zip
Size

1.7MB
Sample

241116-rcz26a1raj
MD5

04e9cdc7c6495536c01624fe0c9050fd
SHA1

fc6cfce674b7735c5ba1dc9f0f613555f1d23334
SHA256

e4b3eb482bd3d7c29067eacd1e52a0256e49cc1560889822f81f34202c6bd6e5
SHA512

6f5ffbc6efad0e49d14dad8bf653b746491186f760fb13cca2ecd573ceae8cff5c3e16185b022d5c75819d90af64a5b515eb7f1649d26fbd55a3c0c49af2e19e
SSDEEP

49152:p2b1O57sp9A1nCh0Dz2oTtfS0b8D+7uSdKWB:J54pF1ojsWB

Score

10^/10

Malware Config

Extracted

Family

lumma

https://servicedny.site

https://authorisev.site

https://faulteyotk.site

https://dilemmadu.site

https://contemteny.site

https://goalyfeastz.site

https://opposezmny.site

https://seallysl.site

https://forbidstow.site

Extracted

Family

meduza

45.130.145.152

Attributes

anti_dbg
true
anti_vm
true
build_name
Mazti
extensions
.txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite
grabber_max_size
3.145728e+06
port
15666
self_destruct
true

Targets

- Target
  
  Crack.exe
- Size
  
  2.5MB
- MD5
  
  713454ca909efaf3a83b636423a6c248
- SHA1
  
  6c197870b9646b90f5b55bdcd4cfd07019864e98
- SHA256
  
  9d1701e0510ea2a76a1292999d89627ba30384bcb7eacc3000e331ba728bf8ad
- SHA512
  
  8a31b7fdfe7a4d1c21f7af401e14c7ae7b420e66bab2fc8310c1341fc8b559a80a12b6b3fb1544358f1e505eb931e466abdf1bd3289618846c4a9167b789a80b
- SSDEEP
  
  24576:xf2KQ7MvYPh0lhSMXlJu78bG8AQs7QZqxwB42EyuzCBorM5c9ech:tpHvZM78b9Ab7aTEZzwoN
Score

10^/10

meduza stealer collection discovery spyware
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  WindowsManager.dll
- Size
  
  433KB
- MD5
  
  5b7211145cb919b8cac505949d35caa8
- SHA1
  
  6373c7181bfc64cf140630219db2aefbca2c9f62
- SHA256
  
  29363cf4cd506dcfbfa2f3d954e2130b85db8068c0a8acae7982a6f1fa657c90
- SHA512
  
  b553730dc97cfa5e3e920b2484d157757539c7728c693bbce189f911deb5e3697c12eb4bb847d714fc8f83bf481245574ded807e88317b2dd039c97a71384571
- SSDEEP
  
  12288:CI11++JcRZtddofKKrzHPJ3ii0bL7E6t7y22a:CIKRZtddoPrjR3sP7RtuS
Score

1^/10
behavioral3 behavioral4
- Target
  
  assets/TapInstaller.dll
- Size
  
  25KB
- MD5
  
  9cac1ad2f768d22e4aaae577097df7f3
- SHA1
  
  b059d99cdd50c46948bd6e4ac264c2fe53169b22
- SHA256
  
  9c050c82c065fe5e7553e73393e59d0b3ca3372e6d590d6eb074b014dab0ea78
- SHA512
  
  22d59282a9b2aab81884ad1b1391c16755e895b2b79466fc163f30a8e9035498b371781ea0fab40b6e79313a9a54fe90b8903ecb8ad29471eebd02ce269a0be4
- SSDEEP
  
  384:hxB7Wf+NkjZwWqXteRRUUmi/6XLNrtMQJK2+Katf5kKFKjqfvGBkSG00:/kjSoghrW29skKFKcMkP00
Score

1^/10
behavioral5 behavioral6
- Target
  
  assets/WSearchMigPlugin.dll
- Size
  
  134KB
- MD5
  
  b74eb945013d95409a3e071c4029cb02
- SHA1
  
  d087775c3f00e9c27842cc44bcb27c0f334a865b
- SHA256
  
  2bdbbd40df3b199cd8ebfc359be451971527e602ab999e23fae524f8edab0ef1
- SHA512
  
  3c1e8d24a4d0eadec0beb7c3288bbb290d018ddaa104df9e65db0de0d7543ab77c4139de6b20382925e35bb1ee303dca12b2ea418770c70dde33f26be06a1c48
- SSDEEP
  
  3072:PBBD02DY32F5K7lxgtRx3aHCHGA+48xgJJ5x5N3DPZtQ68f69ru:PBBD02U32F5K7KRxKiHGAP37QXfS
Score

5^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral7
- Target
  
  assets/WpcMigration.Uplevel.dll
- Size
  
  231KB
- MD5
  
  c92661b900b934ce4e4b7d047aba74e5
- SHA1
  
  abf1d9b1058fb1f14a091985bd3fa3c2e9140702
- SHA256
  
  85302fc70223988f2e94c5b443afe8c95f73695f60778bdc8cd5e1316a701841
- SHA512
  
  34921fccfc07d4080c22d7ff056e92df2bfee61f82212501c9c86d532131c43b2b3655e101439396b887a53180159cb372b222e649bcd7d48ed9952df0a22f6d
- SSDEEP
  
  3072:aqJFmRDHgpg2Ri14Myz56tvi8UKLBWAUG/+vufW4369gNbv6K9kd+GAmA8C/y:a0otLkMVizsBXUi6qNdkd+GAmA8
Score

1^/10
behavioral8
- Target
  
  assets/WsUpgrade.dll
- Size
  
  201KB
- MD5
  
  9d99b0e88cc4eaa43141dea9e31ed3be
- SHA1
  
  442e48476650e97cfac8e8088a7315b9804be0c1
- SHA256
  
  061de26f44da62a17eecb71f078ef90a9c8784e7c58500984314c74b32c12e46
- SHA512
  
  2a0cd7adf67e535cf4a40988d6da4ee69970694875504ea7f7e68cef19e01675557bd3021d867c2bb837d1c3e8287d710259c921967324255c53d0351c6d48df
- SSDEEP
  
  3072:a0qV+qDh/7k8Rr92ZSbTP6c27UxDOUreaNQbmOhG7/tfxvharBjnt:a0qVHV1IwTPrFtOe/tzarB7
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral9
- Target
  
  library/ARSoft.Tools.Net.dll
- Size
  
  302KB
- MD5
  
  452def66509f01d15b43e4c57176d1d8
- SHA1
  
  fb3438a1b191fb75c76d22023c3478a585756463
- SHA256
  
  f1fe59774bf1fd914aea33459631837569d78e2c1a68d8c544cb498fcdbbef10
- SHA512
  
  c5ded39b6f8961bf9e1b77fb07fc41ac321f2e5b9e7a0c4d3a55cf7debb483384b51a8abade6edb9601ea2871cfba65886582cceefcc5010f45c819ec30c625e
- SSDEEP
  
  6144:/AUw1rf4dPEliWDLdQCc88UviewobzUY+GsKAZ:qbiy3Zc88UtFfU
Score

1^/10
behavioral10 behavioral11
- Target
  
  library/Autofac.dll
- Size
  
  236KB
- MD5
  
  f879f97c67c2d03cd47bb7ab1e6dfd51
- SHA1
  
  a65ec6943e9eb3ca7001f7bc310475709a949d08
- SHA256
  
  02c445f70273eff02d30055c83e77ce7434dd24f6da485b0231e88b2675795dc
- SHA512
  
  882db30f98796339a610ce5e5ddd8ad161e231fdd75c5ebd3e552fbb44a618faa09904b01c7c7dcf5834a350a2170c516838bc5de363a89a3a01bb6e0171970a
- SSDEEP
  
  3072:g36EQo/nAmrSwxl6g6o9We/Bwdc2lSG+qR/EWJS6A6g73yRhxgByGP/aw4cQSOhZ:gBclGKpT6zbcZAhdPSVuoxnBDPTS
Score

1^/10
behavioral12 behavioral13
- Target
  
  library/GalaSoft.MvvmLight.Platform.dll
- Size
  
  23KB
- MD5
  
  99a0483ce79d57b52b6a1eacd5f86a12
- SHA1
  
  443fc60ab490eefea76859cd263fafa15fed26a1
- SHA256
  
  16a051d25e5256348affa9f64a0919f69efd860c8fd3c3b28cea0a9fa126cd4f
- SHA512
  
  977719f32b0a4bd10f584a0ee82e7c69664a2a75533f1a3c7799eb89bd5d7c98cece830538372fb7e2263f3c99942ada1e90de50e0ba0e59dfacb8ab8e66d20c
- SSDEEP
  
  384:2KKUx+mQv787wr/igP39cVT0ojR97dKRSX8iPyZA3gs/bHMQJK2+KatfzNKFKjqI:DKnW3g/oTZjR97dJXTPyA3gs/bk29+Nn
Score

1^/10
behavioral14 behavioral15
- Target
  
  library/GalaSoft.MvvmLight.dll
- Size
  
  50KB
- MD5
  
  0fe3d6671024ea3d78aa18dd5adfa613
- SHA1
  
  3dfdfa5a20c3ded2908198c85aa04b9dae024441
- SHA256
  
  3baba32bdbcd1f2e715724e41ad97878bdb9fb7b7f85dfadc2f98d6cd68932fb
- SHA512
  
  84b7a7104ea5cce7c713c6bc2e8c686a684b78fe4949367db6652d285d3d01ebe594070cc993456fac9a21ac2f7a39180ecaf6013d674fce4e42206d0c1c6c55
- SSDEEP
  
  768:5nVF+heuJxTH6yaDSpAyYZbT0gJHTCNQYRWCiD5MaIN7UAifpzNJ2Ox/KpEsD+KQ:5VKLY5T0gUNQQiltEifpv2sCWRyIr
Score

1^/10
behavioral16 behavioral17