General

  • Target

    c327d3b28bee270b49ba6d6b97dac0e96cb012100aff36cd69dd498da6512fc2.zip

  • Size

    5.9MB

  • Sample

    241230-f8f4dazmaj

  • MD5

    5e9eb509117dc4d47af8b283a6fe1529

  • SHA1

    1cb3f581e384e259e6f95777c8f0019a55dcefa1

  • SHA256

    c327d3b28bee270b49ba6d6b97dac0e96cb012100aff36cd69dd498da6512fc2

  • SHA512

    b8140668cd1afeeec6fd619172e2a7dea2a8711a1f5014b5749123f9243492e57359b219489a4ef315cd95cd8b9cc4fb069a9cd1b103b89eb3c80437cdf76137

  • SSDEEP

    98304:LGGvqni/GyhqedqhgGhSXvYgeKGbaHf8S+4wOvL51rtzu93/j/j66N59xj4pWtga:LGGyni/GIdZGhu7GY8StwOvLrUx/q6Np

Malware Config

Extracted

Family

lumma

Targets

    • Target

      Config/cy.txt

    • Size

      5KB

    • MD5

      0f5662a68805d859f871edc07e766a57

    • SHA1

      aa4c9c1271fd5ffdc6076ddfe157d9fb8e0018b8

    • SHA256

      931de741a6c8f1348a946623776fe36c55dd2fc384c7b1478225f7467853199e

    • SHA512

      cb8c072a8f6c782b678845e156493ac3b2e29a0821e2939aa5119f28289c0e70dd70eb3f7e4832bdb5e8ac1f486a3d7900ec013a637ed117320b96740f37a8f1

    • SSDEEP

      96:iJsNrEk72eXm2pFX6NFYrIKwlQvvGtpoUYPti1La7g2XC0YsY0sq6eFnc:iONrD5vAabutpoUYP17g2OOhc

    Score
    1/10
    • Target

      Config/fold.txt

    • Size

      24KB

    • MD5

      ec70d9ac95e4d0c8ecfc859d46e2eb3c

    • SHA1

      8e8841af11d71526e303b78a0a14d0e6c44f018d

    • SHA256

      16f84c45c630ce3071a164aa46fd2dc09b2f9ccd992072c8660fc2f737f8780f

    • SHA512

      2a445d2ab8e1a285b923088b366e004544f9263b7a65f07bc957105541bdc30587e5dad723f1780b1f28e284ffedf796f40659ae8f6679988c1f9fe920acad56

    • SSDEEP

      384:d3Kf2NNj/2BsTTrwKL0xG0FT3cUfGs5mB8P2POzejbhg13F9hgZ5:pDD2o/wKL0jNGfr2AbyD+b

    Score
    1/10
    • Target

      Data/libifcoremd.dll

    • Size

      995KB

    • MD5

      50b7ff052fbb4d17eb7a8d93f5e13fa4

    • SHA1

      10eab5186c8a7612df8dd66a41e8998840a98a20

    • SHA256

      ad35690d19f2c5719a0100838e9c94fea2dab8b91e2c3c05922adf03a3478fdf

    • SHA512

      8d10cc9ca97e33ac2faded0361c1b03b9796f6d5b71c8aa09f64ec9b423c9a440d17a89bfa187261433e87715a12817d11243cb13fdaddf529b864c265e3110b

    • SSDEEP

      12288:oHoXRZ6J9gOUh69d63x3u7uMmKMJYc1KJsEFIL:oHohQrUhbeCKMmk4sEFIL

    Score
    1/10
    • Target

      Data/msdia100.dll

    • Size

      966KB

    • MD5

      58b80d366d68b524e1b4fbb4c7dbc511

    • SHA1

      c42756154a35923542317fae2376497d0035c51b

    • SHA256

      e3893c35187b0dd848758979ebd0d766fc99f918ec9e685297f7d6ca080f122d

    • SHA512

      7754b6f9093ddec47ae2679a32a6b9d8595bb2abf25eb8ee2043efcf68449d17cc9ed109e59c25ec19f476ba1bc70c4de51fa6f3be1d98d6e3894ccf419a2122

    • SSDEEP

      12288:tc2YwE7VSxeUMUCcTd8Ht4lYyF2f78oyoMZggTSy:S2DE7oxeUXfaHtkYZjiQg2y

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      Data/mysqli_query_iterators.phpt

    • Size

      3KB

    • MD5

      d0684b5f49ed514b37fa1797aae6e15c

    • SHA1

      e88b99f4c8d43e3489becdf7161d89089f447815

    • SHA256

      256d206db13eb303c9797d47863e476d4a253bf733c8c22ff4122f73015c2030

    • SHA512

      8aebe24f428044847623fd38cea27fa1c47361f93c695d765d60f501142ae3a7c177e3935d10276ac7945561a9b4ab9d6422703be8d66f2fa5949575c38b1cf0

    Score
    3/10
    • Target

      MigrationService/System.Security.Cryptography.Pkcs.dll

    • Size

      862KB

    • MD5

      00f4e19c04bd69c7088294d4646e9695

    • SHA1

      25f5ee855f2224de507e1d483b2141b4b1da81f9

    • SHA256

      f85b2aa7110679bcc4ab3aaf39027d6378ba08958b4ecfcd6fde23a052f3c93f

    • SHA512

      f8ae7bb53935c720a9011fcf79a9d91d413646ae05385930013f17f8102b69d67cffc0031dee5a3d5aa7a20fa747e97effbdebce23742f96e5413a352592154c

    • SSDEEP

      12288:DkRn3oYsRVuqzVh2ci0pGd5pBiaERvAdJd8nPvhC3RF/u3kO/JMFLSMIx1w8mmYn:DklacLrtYApa2KkO+pIx1w8mmYZY0dkW

    Score
    1/10
    • Target

      MigrationService/VBoxRes.dll

    • Size

      894KB

    • MD5

      fa8cc3ea706186037d74f024cc4e5eb1

    • SHA1

      c6a7de001b729997e645e7b8cefade47d3abe0ef

    • SHA256

      17c27ca7a122909675e3b5d48eef7652583c9823ba2bdd2cdbc278ddef2cb188

    • SHA512

      53bef2fc1c702675c12e8b68923ef0369bb6c4664519bf9dbdef777ace4f5e652e3c4525619cf3b4ace1c04f96309ae6b67e07fd3af09a6f7c6f55247724ab94

    • SSDEEP

      12288:MQKjC6UfHlf8VETpBeK/wlOEUyeNNUcjpbuOA0hLdM0Kdf3YkwwdBCWUQHrT:mm6UdfGN8EUxtpCOLI0Kd/YkZCWUQn

    Score
    1/10
    • Target

      MigrationService/helper/bin/ahost.exe

    • Size

      49KB

    • MD5

      15696a8a5556dc93b61a4cb89637a042

    • SHA1

      23a7bac5a4ef274cc7058e289098fe1f56759191

    • SHA256

      f5bce745ed86d899da269be477ffd36d3f017a8fb43c82fc7e22cd227d76d586

    • SHA512

      dcfc4b44f4f4753fa3113e6940be5db41f849826a9a2ae89e3725616bd5387b02ddae70d52d6cd8c76215fc9672bf9740ef93aacd13215d74f17ef632847c897

    • SSDEEP

      768:yFC4l0RYrkYdoQuNmrhGHXHLw2SOrrVtwgmw3MVKBZT3EGE32XWu6D9vMG4:20RYrkioQtdGHXLwvOrrVtwsX3cyWXMB

    Score
    1/10
    • Target

      MigrationService/helper/bin/bzip2.exe

    • Size

      66KB

    • MD5

      5466b1d249b1e6ee167bad7621fb0369

    • SHA1

      c8a37affc07467ed90f143301ea676ab1ef06604

    • SHA256

      f078a78be891c08ef2a678308a1e574f0f0fedb697399c7ef9795cd5e662f6b2

    • SHA512

      0ef27019e49edf92f958f806cc44a657262852e7250dce3bdb55c23997c243eafddd24f1234f4a5a2e7d7307806ed6cda1f7994e4b01cd0fbb59cb8a6b0e300e

    • SSDEEP

      1536:ryDc1TjZo2uM55JA9ldrsz6LckIH5rwGuEou8SWnFb:OPMRO6WLEH1uEWnFb

    Score
    1/10
    • Target

      MigrationService/helper/bin/connect.exe

    • Size

      82KB

    • MD5

      f23ff94f969c882e26f184d48acacf1c

    • SHA1

      c4c155f8772def8c2c3e2f5ec3f66d284b0953c4

    • SHA256

      ceb2fd60cd2bb94ce37c875ca502094208c2bfd04b96cde9a4f994f1d08a3318

    • SHA512

      6c1a6109cc48a77f773a379a3b2b3ab68d42a72ad9e94b3a6cd08ee796dbfc10a2ca1f595afc029f4abaa6c839631889097436ef065c9a294047459631e68a02

    • SSDEEP

      1536:LVZR4HrIUchFuB7kU/VJPGY7fMN2/rglxpQxzP8dRZZZTMRW98o3KC:LVP4HrIUchFaQUTPGYgNJxpqzEdRZZZ9

    Score
    1/10
    • Target

      MigrationService/helper/bin/trust.exe

    • Size

      229KB

    • MD5

      f825cf140156703f5b0119dd32f13fe3

    • SHA1

      927e207d484ffe3271f98e7a91d5d2250e690357

    • SHA256

      95a65f1203e444c80fde62f10d3b6f24ff7ca2ab14a253cbdbccce1e2ac58462

    • SHA512

      c96f77e13b8ef53a48cc6021b4408ba7d558589aaab1d39db617d5d9c93f28863df44e32f53d6d8bb800d32edab5564c305f59bb5e921eaa8a2307edc387d88b

    • SSDEEP

      6144:SkKkDol2hRzlT2pR0RQGQQU7k1TAH1OobTrLPvfVYpm3xj8vp:Rol2h9V2AQ9PvfVcm3xj8vp

    Score
    1/10
    • Target

      Rapid/ReflectionType_001.phpt

    • Size

      4KB

    • MD5

      04614f06917bd19ffc59e33a0283726f

    • SHA1

      b1ee0d124fc842f714dab0d1d4dfa4eff7e5bfee

    • SHA256

      9b8967daffd218d8653f1f0d57625ca351559ffc48920e69d0ceaa6d19d53044

    • SHA512

      b6392f13a73dbfa79843f11050c9005b1b6641c8e1ed636901dca80abb6a1e75f654974ae148c0e66965ddc36b3e51e2f7b99350e3b9549b84b315f1b0da1d55

    • SSDEEP

      48:TbiYwYf0P7DI5sTpRBgI76Yuk7jyYy1aB6f0kbtL2wNC6FCyBeo0Vo7jkVQ2FZMW:TGYd0nI5c/76SM0LQCyBWp1pZSFi

    Score
    3/10
    • Target

      Setup.exe

    • Size

      72.9MB

    • MD5

      2f30fcf726e3fcdcbdaec184de4eef49

    • SHA1

      eb903c0ac418fcaa95838de2687734192362e7f0

    • SHA256

      7550080fc9af42e81213c822f1279e641ed7bc95b801d5d0c933d069fb501e5c

    • SHA512

      67de50ae4acb7911fb64965a12e300998662d9c619ca9a957cec4e3fedb5c67071b9363f2d0fd8e7e3c0e3e3aba6675d065fc36f5c440885bb890a794c66e6da

    • SSDEEP

      49152:Cg2qPtc1e5OS7bPGoUl+x/grNPazvchYk2pq4:CvqPCnrNPazvSYI4

    Score
    10/10
    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Target

      libcrypto-3.dll

    • Size

      3.6MB

    • MD5

      0b50af671b3ca8c14d2bf613b06ce8b4

    • SHA1

      e6d80daf9a34f35af0e0a9c1ac1db2cc235a79bc

    • SHA256

      1bfc83cc86e3e19a8a8190d423c97a10475ce7b9c5f86204d556c52306d84aed

    • SHA512

      5f65df2a090e563447e71363ae547698c06278a1745200baeabd5d95b63f559444823df3596f0335d752b00077340d589fc325421a59de17ad2b1597cbe8f857

    • SSDEEP

      49152:1ljSvE+iNe2ItxqnCxHhfOhWyj2yvylz0K+1huI1CPwDvt3uFYDClFtFFGJmel:1ljmEoFqWyquK+71CPwDvt3uFYDCG

    Score
    3/10
    • Target

      libssl-3.dll

    • Size

      621KB

    • MD5

      bcfb81b00340d8f24ddadd1865e7a6d4

    • SHA1

      68df30c847d42c70a9de882bc05587085c123de2

    • SHA256

      e3ffe6d8582421bbea8e8ec63c8001d21df7bb20bbdae8293fe4763c781f42b2

    • SHA512

      c3dc3a04339c26e724656abf92f6e0e8091a03843d7233c1774339da74e513ff12e71aa31c0d481db0f8474181122318f4be2f21606a35c2af6b61646cbfa76b

    • SSDEEP

      12288:fJhdFgBiRX1ggfw3A+gcf8zHTvv2RJB7Kpj/NOq2AU3YKHlFe9XbewPXE:fdFVRu1+p4L3YqFe9XbewPXE

    Score
    3/10
    • Target

      swscale-6.dll

    • Size

      675KB

    • MD5

      e28713a694071dfe4856e49a73a5e497

    • SHA1

      613615d3b2656f9bba085159e34f147aad7114a3

    • SHA256

      743f4010d17ffdeea281c9d016ad015aae3d41c3e8de2fe65f59b261c1976fb8

    • SHA512

      4b2c968c1edacc71cbcc19ac0275cc553f5c173b0a156957c0822e7fcb9013436d3365a807455b87511ec67ba70abdd0c0715e10a83f60616933461b1788b190

    • SSDEEP

      12288:lcHk+UahaQPXriv9gimyFc6MMMbtF+vM0zW5ACDddyNd+JnypvnJlef:lcHkg099qeMbtchW5ACDddyNd+Juvnif

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

persistence, privilege_escalation
Score
7/10

behavioral8

persistence, privilege_escalation
Score
7/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

lumma, discovery, stealer
Score
10/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

Score
1/10

behavioral32

Score
1/10