Overview

overview

10

Static

static

3

4.exe

windows7-x64

10

4.exe

windows10-2004-x64

10

Lumm.exe

windows7-x64

1

Lumm.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    lumm.zip

  • Size

    7.0MB

  • Sample

    241124-q43rpaynap

  • MD5

    7104becac5f97ad8011eefa2c715ceea

  • SHA1

    85ed85e98fbe5b48e872ec8395876724477c8479

  • SHA256

    98e3b893cf14f34cc88db84ae11797fd0b93d9d278b7caf36cfdcd126016332c

  • SHA512

    ecbdb2af5453409091b13ca8b173c23738882d7e1eab7d36a77bf0d927bc85f50c5678bd3759d24984886a75b6c7f61a2f24d59717f23ffbe7383d6cbe12a421

  • SSDEEP

    196608:m4n1XhFqC/P3Hc3HFbit4gDuZri1WLCNh9BVqo:TrFh/P3Hslbk4gSkILgh9BVqo

Score
10/10
cryptbotcredential_accessdiscoveryspywarestealer

Malware Config

Targets

    • Target

      4.exe

    • Size

      7.2MB

    • MD5

      4cf7ec59209b42a0bc261c8cc4e70a48

    • SHA1

      415ec9061883da4cadb5251519079dfe59e0924a

    • SHA256

      2e5e8a0087e49de9ba8df196bc71e3ac0d6c2ca6095ac3ff91205bd9d8eaf678

    • SHA512

      de28c9871740577f89902b6e65c3dd00889dfcfcb3ce83fad05070761d1dc9ce4fe85f92e8443f80cf4869956a4f558b60b509302d38b1bc53b5b3536936e7d8

    • SSDEEP

      98304:pcuEoWQHAnRyKP6O2xxe5W42wWMlKL35:YRA0Z2OaMlW3

    Score
    10/10
    cryptbotcredential_accessdiscoveryspywarestealer

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealercryptbot

    • Cryptbot family

      cryptbot

    • Detects CryptBot payload

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealer

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

    • Target

      Lumm.exe

    • Size

      6.2MB

    • MD5

      11c8962675b6d535c018a63be0821e4c

    • SHA1

      a150fa871e10919a1d626ffe37b1a400142f452b

    • SHA256

      421e36788bfcb4433178c657d49aa711446b3a783f7697a4d7d402a503c1f273

    • SHA512

      3973c23fc652e82f2415ff81f2756b55e46c6807cc4a8c37e5e31009cec45ab47c5d4228c03b5e3a972cacd6547cf0d3273965f263b1b2d608af89f5be6e459a

    • SSDEEP

      98304:u4bRxuHuFP2rHLpHPA477yNRgoPbfnRROWR721LYfs17u0kcFrXLEJfwY:u4NxuOFI1AEyrbf/52BYfs1LkcFrXL+X

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Modify Authentication Process

1
T1556

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Modify Authentication Process

1
T1556

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Modify Authentication Process

1
T1556

Steal Web Session Cookie

1
T1539

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Query Registry

4
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks