lumma | e3a88ee547921deaffa538b8d4177b40ef32a7b7bd93f61b19a3bcb836ab7491

Sharing

Copy URL

Twitter E-mail

General

Target

New folder (8).zip
Size

23.8MB
Sample

241121-lsnfea1lbx
MD5

41d2f3d481146803dd1d9d46b526e0d2
SHA1

a21b67842b0c13069df03fd9e7603c8bfed2ac6f
SHA256

e3a88ee547921deaffa538b8d4177b40ef32a7b7bd93f61b19a3bcb836ab7491
SHA512

7c87c15921dcd4edccc67a48c414d8d5482f18343edbad6f29b19fb8e89b245e062050b6097f7fe07d3a1b87e49e3108536a31025cd75080baf944dbbce5cfb0
SSDEEP

393216:6sSvZTIXnlqvIJaBXD8F6QdZm5GHwY70Qz9vWqb8bWyyMFymaOBKzULJTnzeJK0Y:63IJaBX/QdE5hhQz9uVWyQzULJTYK02b

Score

10^/10

Malware Config

Extracted

Family

lumma

https://gentlewave.shop/api

Targets

- Target
  
  New folder (8)/Data.ct
- Size
  
  3.0MB
- MD5
  
  cf83372ce8462708f58817b1560e7006
- SHA1
  
  6484fdc351661e0ec40ff6d8ef2d9c1df2b05f1a
- SHA256
  
  37a5a53b7d95439b05b5e4f394de8b931a500f6df97aaf1a82cb8a66c11478f2
- SHA512
  
  d4d24cfe4819343a98d2c83f62b456e922ff88215015d6a76d230d4034b68afbef45e3fad2b92b6d2dbfc2772b65c0bb91545b61bd0231c8a75c03a4146352d6
- SSDEEP
  
  49152:KQ96YdG5LJ3Z3k0jbdHMsChIiv1o/spNM:FqBkMGsCJe
Score

1^/10
behavioral1
- Target
  
  New folder (8)/NAudio.dll
- Size
  
  507KB
- MD5
  
  65839a5c28a0dee380c4eba54e2d941f
- SHA1
  
  ac609ea7f86fe533820b801cfe40b22f8a7a3f1b
- SHA256
  
  c7a4c035d89716b027f69c2cc98eaf5c44fb15b08c2ea162d793466356a35a2a
- SHA512
  
  e6853ff5d10d11b5333f0697dcb660a042ebeae12eebc84427d0b9f896cf100258e7e6d18f531aae700c0f476f91f11da0272e7809728df68da80ee560136aeb
- SSDEEP
  
  12288:rnXnae2TPlr3zvzar5oRDaw92wP6mai9gs6CU:78lrT+r5ADakP4i9gsc
Score

1^/10
behavioral2
- Target
  
  New folder (8)/RcClientBase.dll
- Size
  
  29KB
- MD5
  
  f0739e1db958fde4dc6bab9d75865191
- SHA1
  
  fedadbf79b594995e6c44108d6b25cdbbf05eb65
- SHA256
  
  27faac58c4edc8fb147c9947fc9567afd2f785b11252c2963788fd0f64f7ca42
- SHA512
  
  adbf2a0b42c6043ee5c984c02fcc8815b143117fa2ee0286b048f9e90d695f74f0129240e1de36dea2915f1e3d31359953095e6e5497337d01f0004d443aad10
- SSDEEP
  
  384:37VPSe+T3KkTRIjjzi3WbR1zQnSyGUvXU7Ex3dVOSRZYNyb8E9VF6IYinAM+oaua:37VPSFTamMRbzCfzZQEpYinAMxJH4
Score

3^/10

discovery
behavioral3
- Target
  
  New folder (8)/Setup.exe
- Size
  
  1.6MB
- MD5
  
  ec539c4a9c60b3690fbd891e19333362
- SHA1
  
  7cd141b72d9c6701c27f939b790624ebe04668fd
- SHA256
  
  1d60149ce640f4e07bceeb8940950441025277f1eba4f501f8afe558030b34fe
- SHA512
  
  b6a3496e7b6f7aed5dcc7e0bb3fe903d2c231ff5470bbedd37e8bea83b1951dc835f32ac6508dea8b561bfd6354e7741227a42eb49fc0575ce64e12b494c00c1
- SSDEEP
  
  24576:Iz2WcNmHWLyc6+QrRIVkQirZieVPpd27K8mBWSjTUvJ2Npi8TofJ8jH3cT:RNmHyyc63YwQcTjT02NPTofJWXcT
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral4
- Target
  
  New folder (8)/UpdateClient.dll
- Size
  
  64KB
- MD5
  
  760f24f0150a6e8dc15ac793c3172387
- SHA1
  
  920d5aafb4b460efc37b99564bd281e63c7eb647
- SHA256
  
  e113f8593244c1bb5bcc73fef0f93303c783714162cbd9ef93ddff5709c037ce
- SHA512
  
  e5251075164f9cdb154b0b5bf7b775c9720b0744d004b68ce6501a980342f45398505bc26f7cca982bd23a03609b3c78510a5778a93041e7614e17b369a7209f
- SSDEEP
  
  1536:DyvHa8En7WFlzobIrmKD8owRaggg5TIcO3YDmj7Hx4:DyvHa8EnKFqKD8aK0jj6
Score

3^/10

discovery
behavioral5
- Target
  
  New folder (8)/UpdateCommon.dll
- Size
  
  143KB
- MD5
  
  985f25c1d3144f37f046bc8f3e2b0c83
- SHA1
  
  c0b551c51317891d8220ab5a634c15acf8223e88
- SHA256
  
  3f71fa4c64376e85486b22de926f61c3e3cde3de6c1d484e041f265534ccd623
- SHA512
  
  b0db2c878948922243cc80ab015a954b11c5e08fce7dbe767722bc5082b150f277690acf9da1c657837e7a66059cafa7ba76c3695bba51b44467979f5a9c053b
- SSDEEP
  
  3072:8zWwFkpFMOKq9hC3ZWU+Oq1hZ+fVztxQ0rzc0to734o:s/zq9huqrZ+dbQIz1o
Score

3^/10

discovery
behavioral6
- Target
  
  New folder (8)/datastate.dll
- Size
  
  75KB
- MD5
  
  28f0ccf746f952f94ff434ca989b7814
- SHA1
  
  506e85d2de6377492d90b98aa20663b0ff3ce32a
- SHA256
  
  6010e2147a0f51a7bfa2f942a5a9eaad9a294f463f717963b486ed3f53d305c2
- SHA512
  
  b74ebb9a12079caf7bc074bb977ee94dc6ffcae845c1120026f384953fe2499d4bb0cdb7b6dcb2ff7f37e8135db06048815cc13d1837235eb11fe86e3c4572ee
- SSDEEP
  
  768:BdPmXHrMcRkZrVlqE6BI6TalNPzrrSRTy3IXGX8prYXDRMMUKkVp4VdEhahE:r+XrMzriE6BorrJIXJpCRM7fVp4c
Score

3^/10

discovery
behavioral7
- Target
  
  New folder (8)/sqlite3.dll
- Size
  
  889KB
- MD5
  
  7b3562cbd3525510a4a94ce49e98ba5a
- SHA1
  
  1b70c434a3109daf57496be1a9916f7d86d19692
- SHA256
  
  6347a9e00e8e3f18ae0f2edf19d6503761b3cf2d2d1a3badde9fd0bcdaa24063
- SHA512
  
  01828b9bc783cdd9a0d1036784725df156a0e908d7d0bb7c0c2380aa517e18ef354c5b74713cc267dea30d38e7520265a02a1221b79f3dff373eda0985db674c
- SSDEEP
  
  24576:9uxNAQB74x0FwTuis6eCwjH+SWLSzf/A/:9T+syis/LjH+SCSs
Score

3^/10

discovery
behavioral8
- Target
  
  New folder (8)/updater/nvdisps.dll
- Size
  
  11.1MB
- MD5
  
  da3e5ecda1487fdbcc6d7db314815696
- SHA1
  
  b2775d5a94a2af489590e1544dbff7176c39d389
- SHA256
  
  77173b4b61b59eca507ca3ece87a77a87e4e77a48dd162ba813d61cb0513421d
- SHA512
  
  cb3a14dbb15fad5bee97f3ec2236c7946778b1c884b38086026029f1bbbf20648e420bd829a82b8796f420ee50a5ef896bdc9aaccc67b82ac4e89eb67294c656
- SSDEEP
  
  98304:XNTNmlyn5aaKgwF2MxtrjgEe2eVivataUN3Dumf/S+CJ4RoLERm6iVv/lraqXtxG:XNT8lxjVWiCwUN3d/RbCv/9tx/KLce3
Score

5^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral9
- Target
  
  New folder (8)/updater/nvdispsr.dll
- Size
  
  11.0MB
- MD5
  
  d74d7dca89d97bc912a376a5c34172b1
- SHA1
  
  6420073ab703884dbacd499c1b7174f858e2068c
- SHA256
  
  0681d4e92b84d238b3e3fb118b0a359be1aba83528b94f7fde2d9101d8163417
- SHA512
  
  3e4a308794b05b9eb99902367ed8916a590316261175b02dd35007fabd900d715625e48aa0d5b5518f02550b0b678eb7ef83dc96f68632d93d21378351d82f2c
- SSDEEP
  
  98304:0lRaeidue2eFivataUN3Demf/S+CJ4RoLEROyiev/lraqXtx/SzLce3hNc:+CliCwUN3d/Rb5v/9tx/KLce3hNc
Score

1^/10
behavioral10
- Target
  
  New folder (8)/updater/nvptxJitCompiler32.dll
- Size
  
  16.6MB
- MD5
  
  3ea5205d6831ddc3670ab8eeacb853f5
- SHA1
  
  dadb303e031089535ea01c8a10d89c1033a5d7a4
- SHA256
  
  caa6ae6c505e54875761443171c229ed367b2e51e448a9034b81be062b961847
- SHA512
  
  5e7118d3db968d30f7020fb5a3e4373acd1572eb7736f55229d1aba836e43b755cff2d78e7bd22daebec5a53bbcf7eaf00a0a5d233bc6679c36675a03bc1b36b
- SSDEEP
  
  196608:LeXcR+Vei+lHBfL90NUIE4/pp1D84she84lt7Hpml9DCqIsXC:Q5+7j9SG4lw4HDltLknc
Score

3^/10

discovery
behavioral11
- Target
  
  New folder (8)/x64/trading_api64.dll
- Size
  
  282KB
- MD5
  
  2bca4e2c047ec969cb3cff277e7fc184
- SHA1
  
  c4b5b00b605e59c6fdcb6731f2e53069506e287a
- SHA256
  
  f1eb582e607a1e43cdb1654bfb7cb29ad46f6728b3fb89a14f7727e0e8daab69
- SHA512
  
  3819178ec650298157b1d67317e0895cb92709b106d0d8525921e341eba5e960f42434e010066bb405f1ba1619adff1a645ede58e16c4b2d88df2c90611a6cb5
- SSDEEP
  
  6144:Aa0EKzmilQBrUssevOkHcAxilMrCynC0bcLd1x:B0EZbr3se1SynC9x
Score

1^/10
behavioral12
- Target
  
  New folder (8)/x64/tradingnetworkingsockets.dll
- Size
  
  4.1MB
- MD5
  
  3cf26ce759c5e261fe3ecc6451b8b08e
- SHA1
  
  b5da110034fe394a4020367404534903764473fe
- SHA256
  
  fc4a65ff603bf1f4bfe323de1866145ae1e006aa656799fd134dfa63d92d47c1
- SHA512
  
  e7b543483f38bb6338490b5c8f5da6f95e0d78b45f2b26d898cc3b58cf7c359952bfe413414cb6cd1532c3c6fd7a860026b2bec7b6d0ddfbee9a1385a62e14f2
- SSDEEP
  
  49152:kGtlqhcIU6ilVwASObX9F+LWDumqrJjAZVT4kmrqEUAYVxkG3q+XRQsmqkALD4z4:M+dl7+8z1mqkA8lv0bH1bBGZZs
Score

1^/10
behavioral13
- Target
  
  New folder (8)/x86/api-ms-win-core-processthreads-l1-1-1.dll
- Size
  
  17KB
- MD5
  
  29001f316ccfc800e2246743df9b15b3
- SHA1
  
  dc734266648d3463c1f8d88c1ce7d900a4e3b26c
- SHA256
  
  e5ea2c21fb225090f7d0db6c6990d67b1558d8e834e86513bc8ba7a43c4e7b36
- SHA512
  
  4cffc0c6f94fcd1155909993c622b9103abd7a7bce88742a10abd6a3496a334d667a39bb601f99eb174aa847d7dae056e0d9769754ca86320579b262a20a6599
- SSDEEP
  
  384:WRtwDfIe9jWfhWC+Y3DGk8ZpH3GCJErra8o7Q+Y3DGUKn8JN77hhET:ape9A5DGkiRBEXaR70DGa3hqT
Score

1^/10
behavioral14
- Target
  
  New folder (8)/x86/api-ms-win-core-profile-l1-1-0.dll
- Size
  
  16KB
- MD5
  
  6ee66dca31c5cce57740d677c85b4ce7
- SHA1
  
  8969db03f98f9548caf8e2d8c7f2f5cd7071f333
- SHA256
  
  d00a0edace14715bf79dbd17b715d8a74a2300f0adb1f3fc137edfb7074c9b0a
- SHA512
  
  592e3b6c689a0d6c87079c54c3e13e6ee1fc0c5c770abc854040e85464687c46f0a558be22f8759dbc4a100810386ee379ffe4359cf9091d9afae548bc597be2
- SSDEEP
  
  384:WiIWfhWx+Y3DGk8ZpH3GCJErcx3l/r7+Y3DGU78JN77hhC6UHR:doDGkiRBEWV/rxDGT3h06UHR
Score

1^/10
behavioral15
- Target
  
  New folder (8)/x86/api-ms-win-core-rtlsupport-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  0069fd29263c0dd90314c48bbce852ef
- SHA1
  
  dfb99c850a69e67e85f0a0985659f325bd8f84fc
- SHA256
  
  d11093fdc1d5c9213b9b2886ce91db3ded17ef8dae1615a8c7ffbc55b8e3f79b
- SHA512
  
  71965e8dd2fd81d0c6dba4dbec8d2d1bfd4a644ef6bba4f6027de4bcdf9c07da16f27f2156c21b52e678c75f0a93a4bcbc3e1942f0a73f1eea5ff64b70662f70
- SSDEEP
  
  384:WCGeVxWfhWD+Y3DGk8ZpH3GCJErYtN+Y3DGUO8JN77hhTew:3GeVmyDGkiRBEojDGa3h9ew
Score

1^/10
behavioral16
- Target
  
  New folder (8)/x86/api-ms-win-core-string-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  2e5c29fc652f432b89a1afe187736c4d
- SHA1
  
  96f8480b9339411d5d8c94918e983523b1a55c56
- SHA256
  
  3807db7acf1b40c797e4d4c14a12c3806346ae56b25e205e600be3e635c18d4f
- SHA512
  
  fe1135532e18127f2cfefaaa4a19020d6c790374f648dc93383d58ee52b147d1451af01b8624234bd5d77abe2451eb3e15cbe72a19d283f00cf78c05c43041df
- SSDEEP
  
  384:W4yMv9WfhWx+Y3DGk8ZpH3GCJEr4ey/+Y3DGU888JN77hhnY1:DyMvaIDGkiRBEsnDGX3hxY1
Score

1^/10
behavioral17
- Target
  
  New folder (8)/x86/api-ms-win-core-synch-l1-1-0.dll
- Size
  
  19KB
- MD5
  
  979c67ba244e5328a1a2e588ff748e86
- SHA1
  
  4c709ce527550eb7534cb6362afdb3623c98254e
- SHA256
  
  8bb38a7a59fbaa792b3d5f34f94580429588c8c592929cbd307afd5579762abc
- SHA512
  
  49f3c3319aa462b445c6a0b816e10034f6e5a9cf1250ea30b348cfa1ef71525e9f62e2f13253f61375f51fc574847de0d509cffa95103771be356327d5fef90d
- SSDEEP
  
  384:Wjdv3V0dfpkXc0vVaCWfhWt+Y3DGk8ZpH3GCJErHZpn+Y3DGUrUN8JN77hhYl:Wdv3VqpkXc0vVabkDGkiRBEtplDGEUq8
Score

1^/10
behavioral18
- Target
  
  New folder (8)/x86/api-ms-win-core-synch-l1-2-0.dll
- Size
  
  17KB
- MD5
  
  659e4febc208545a2e23c0c8b881a30d
- SHA1
  
  11b890cc05c1e7c95f59eda4bb8ce8bc12b81591
- SHA256
  
  9ac63682e03d55a5d18405d336634af080dd0003b565d12a39d6d71aaa989f48
- SHA512
  
  010ab6d3971fabd2a956f891b8d9d20ef487e722443b2882a1a329830dc5c80d262e03a844cd3f5c3e4efcfbad72b9e1fbbf7d9dc6cf85ed034d84726946ce07
- SSDEEP
  
  384:WHtZ36WfhW8+Y3DGk8ZpH3GCJEFxMDD+Y3DGEC8q8JN77hhFGT:EbDGkiRBEsJDGS13hj+
Score

1^/10
behavioral19
- Target
  
  New folder (8)/x86/api-ms-win-core-sysinfo-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  cef4b9f680faae322170b961a3421c5b
- SHA1
  
  dd89a2d355df989bbd8648789472bfe9c14afcd5
- SHA256
  
  1fe918979f1653d63bb713d4716910d192cd09f50017a6ecb4ce026ed6285df9
- SHA512
  
  f56617290d4ac25231631d708a6c8b003bdd358bae9672f7dee539a96b292c13e04c65ba5f05937c52f73288eb3dd7cba479ed030942a0d9d3a15512548fa4a9
- SSDEEP
  
  384:WBTnWfhWt+Y3DGk8ZpH3GCJEFxqIDh/h+Y3DGER6vJ8JN77hhHWT:0TsIDGkiRBE+IxfDGM6vW3h5WT
Score

1^/10
behavioral20
- Target
  
  New folder (8)/x86/api-ms-win-core-timezone-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  69df2cce4528c9e38d04a461ba1f992b
- SHA1
  
  bb1d0da76cf696acf2e0f4e03e6d63fbad4325aa
- SHA256
  
  a108a8f20ded00e742a1f818ef00eb425990b6b24a2bcd060dea4d7f06d3f165
- SHA512
  
  4d02eecdda0fffc10d5509830079984c7a887b4ca3a80359aa56117b302dcfa594b0710c9f415c823d1674b5c689d31aade44f21750ccd7d53010e67f0b6f0d2
- SSDEEP
  
  384:WGOWfhWc+Y3DGk8ZpH3GCJEFxi+3T7Tu+Y3DGEu8JN77hh2KI:5XDGkiRBEm+uDGQ3h7I
Score

1^/10
behavioral21
- Target
  
  New folder (8)/x86/api-ms-win-core-util-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  c6553959aecd5bac01c0673cfdf86b68
- SHA1
  
  045585659843f7214c79659a88302996bfb480a2
- SHA256
  
  68bd9c086d210eb14e78f00988ba88ceaf9056c8f10746ab024990f8512a2296
- SHA512
  
  ae8e42a428202d05fea4f1e6a4d3b919b644a792567f876b0fc392b1cddb856547b4c3b433c002fded6df4d4daec8fb7235f30d1ff9f42943d9e2557ade364d6
- SSDEEP
  
  384:WyzWWfhW++Y3DGk8ZpH3GCJErst5+Y3DGU1a8JN77hh8T:35DGkiRBEQpDGw3hKT
Score

1^/10
behavioral22
- Target
  
  New folder (8)/x86/api-ms-win-crt-conio-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  7190cbfad2d7773d3b88ccc25533a651
- SHA1
  
  71fe2bacc14b433d51328ea0810c1a030c80d844
- SHA256
  
  4aeeae0ac9f6c1b0b8835067ea3b7fc429f353565f18de7858f4ea5d6f72072e
- SHA512
  
  b314666c400268bf261c5f9e9966ad0680435241e7a24d85b28ae4405d798b80eedb65ed8db7e8d93df90f886a6719a8b7ace8c25d0429392bc061868890c40c
- SSDEEP
  
  384:WL5WfhWO+Y3DGk8ZpH3GCJErBf+Y3DGUCU8JN77hhIw:FVDGkiRBELDGfX3hKw
Score

1^/10
behavioral23
- Target
  
  New folder (8)/x86/api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  3e415147ccd7c712618868bdd7a200cd
- SHA1
  
  b332f29915d846519dcb725d39e8c50604d7b414
- SHA256
  
  77b69e829bdc26c7b2474be6b8a2382345b2957e23046897e40992a8157a7ba1
- SHA512
  
  7e7e50f148414f8a84b4c39d3c7c1e0952f86f95873f3abc25b7f08574bbcce41394a59451868020b178bf68df12615bd356677e8c935c1185c5d07d15e61896
- SSDEEP
  
  384:WluyxWfhWK+Y3DGk8ZpH3GCJEFxkNN0O+Y3DGEhy8JN77hhHL:RhDGkiRBEqDGsd3h9L
Score

1^/10
behavioral24
- Target
  
  New folder (8)/x86/api-ms-win-crt-environment-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  ad0cbb9978fcf60d9e9ca45de6a28d30
- SHA1
  
  65549d9d7ee72de7d0cc356f92ad22eeb8dc18cc
- SHA256
  
  6c9c0dc7b36afe07dfb07dd373fc757ff25df4793e6384d7a6021471a474f0b9
- SHA512
  
  aaf4919e7629cd0bcf52283d578214043a4bdf6597a7d808dfcecd5fa1ecbd0b1395c60a165c575d20ca42928500815e14837b9e05530a667c6898e14243d64d
- SSDEEP
  
  384:WgWfhWx+Y3DGk8ZpH3GCJEFxHiA6+Y3DGEi8JN77hhksg:CsDGkiRBEJeDG03hCD
Score

1^/10
behavioral25
- Target
  
  New folder (8)/x86/api-ms-win-crt-filesystem-l1-1-0.dll
- Size
  
  19KB
- MD5
  
  14f407d94c77b1b0039ae2c89b07a2ff
- SHA1
  
  528b91a8a8611da45463fac0a6bd5c58233f8fbc
- SHA256
  
  85b1b189ce9e3c6f4d2efdd4cd82b0807f681bea2d28851caaf545990de99000
- SHA512
  
  152b97a656acd984592bf58854222ec97c661f9f8d19557ea03501457fb5a07821f90d332f21b1b51a5bce5ab84f862354b8ee21c7c1f6b7aa1c127f4a73ab5d
- SSDEEP
  
  384:Wcq6nWm5CpWfhW++Y3DGk8ZpH3GCJErNi4H+Y3DGUfhd8JN77hhcu:G6nWm5CeBDGkiRBEp5DGk63hqu
Score

1^/10
behavioral26
- Target
  
  New folder (8)/x86/api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  9c373c00ac3138233bdf1655c7be8e86
- SHA1
  
  ee38f868e32950d1b8185249edc6ad4e1bc5592f
- SHA256
  
  0166edfb23cfc77519c97862a538a69b5d805d6a17d6e235f46927af5c04b3c9
- SHA512
  
  d2f56b3169c1fea1a604523b2215dbad02c6306bd804445b367756f288310554dd049aefd024babc26a3b270b8aede8b10e5ec8d80e772d3d1076b8013491067
- SSDEEP
  
  384:WgY3eRWfhWn+Y3DGk8ZpH3GCJErTpTX+Y3DGUm8JN77hhwJ:TGeDGkiRBERTVDGm3hiJ
Score

1^/10
behavioral27
- Target
  
  New folder (8)/x86/api-ms-win-crt-locale-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  c5d747f96237b6e9aa85c58745d30c80
- SHA1
  
  c6ad21597265faf25ea8d7f09577f3e6f4f7be10
- SHA256
  
  f16447b5fc7fe6fb8a6699a3cef1b2b8ba92d408579bcc272d3dd76acd801e2a
- SHA512
  
  5bcee06d62633ecdfdf5dd1bf92ff9278f535dc5f21bfe36faaca15e378beb4da6be7ba9767569119fbf9f7383ffdb3a4a17c99d5918a64b8e12926ac0ec3140
- SSDEEP
  
  384:WVWfhW2+Y3DGk8ZpH3GCJErYIcc+Y3DGUA8JN77hhKdf:JxDGkiRBE44DGk3h09
Score

1^/10
behavioral28
- Target
  
  New folder (8)/x86/api-ms-win-crt-math-l1-1-0.dll
- Size
  
  26KB
- MD5
  
  bc418a3461c5fdfa1a0d75f7e03d08a7
- SHA1
  
  5cfefa62226f117b7e2fe58961269294eb62b84c
- SHA256
  
  c7115159babdaa1f52e478e67b4e612da2332fda4e4036999b29425fe303b6e8
- SHA512
  
  4c9f3d461a5fc42d829d517ef523423ceb18f6667e6f2d83f1e5cd645a359d32b58ac8652ea734f567ed3b9e2999f358bf0e95bf38265df7abe3fe4b2f5fa978
- SSDEEP
  
  384:WXQUbM4Oe59Ckb1hgmLVWfhWC+Y3DGk8ZpH3GCJEr0a6eOq+Y3DGUOe8JN77hhoq:SRMq59Bb1jyRDGkiRBEQeOODGp3hqQ
Score

1^/10
behavioral29
- Target
  
  New folder (8)/x86/api-ms-win-crt-multibyte-l1-1-0.dll
- Size
  
  25KB
- MD5
  
  9e9c6f83a015029808f5257f7b7e39c6
- SHA1
  
  5674192eb60eb152773fe0d50161f32759e2ea0f
- SHA256
  
  c6b4e1d903b3cc83bfaffbe4e82eee634cff8f97f12217caa45b464ddc4e1455
- SHA512
  
  6e124732646cbe95ef94773d57b08c68a399854f906b14f15996bb12400d5e92b34596c38795a3ba4cdf8db4e8dd5ad486890634951a4686c6679b486ab19cb0
- SSDEEP
  
  384:WPy+Kr6aLPmIHJI6/CpG3t2G3t4odXLVWfhWS+Y3DGk8ZpH3GCJErRMOnR+Y3DG3:uZKrZPmIHJI6kVDGkiRBE9nDGa3hYV
Score

1^/10
behavioral30
- Target
  
  New folder (8)/x86/api-ms-win-crt-private-l1-1-0.dll
- Size
  
  68KB
- MD5
  
  ad8d9a6ea592a6c8a78c67a805cec952
- SHA1
  
  3e9f35013044be456f33e300418453ab12c70df8
- SHA256
  
  696c10112d8b86a46e5057cbd0bf40728e79c6bb49cda1f2c67fe45d0fc1258d
- SHA512
  
  31c1b5717432b67e6b150911747f34e8099c1a0870262bb3b5d3ac5c9e28b3b08e4239bd105408318806f983b3fcd10e617b2385511c46efe9fe58a9cd4a7067
- SSDEEP
  
  1536:b/XeuJDe5c4bFe2JyhcvxXWpD7d3334BkZn+P7niDv3hO3:DXeuJDe5c4bFe2JyhcvxXWpD7d3334BD
Score

1^/10
behavioral31
- Target
  
  New folder (8)/x86/api-ms-win-crt-process-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  66f4e530a19ed2f6862b5ce946437875
- SHA1
  
  016bfa4eafb407e43abdcd9582dbca7dcf85d3de
- SHA256
  
  542a22540cdb7df46d957a0208d50507916f7c737bea833931239d56ebe8d68c
- SHA512
  
  2653b2118f4db250850dcefd3536e0fd2bc55e9774376b51e586658e4e5d79a35cb425ebe0a8391124997e24c8aaa84bac799162a31446ef47db667a4a3f0eb9
- SSDEEP
  
  384:W3KAWfhWk+Y3DGk8ZpH3GCJErW25tL+Y3DGURRQ8JN77hhGz:fDDGkiRBEy4BDG43hgz
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Blocklisted process makes network request

Suspicious use of SetThreadContext

Event Triggered Execution: Component Object Model Hijacking

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32