lumma | d7e4f8af935f52cbbcd311c07ec66b2ec5c7d5952dbf7b8e1414ff6795b7527f

Sharing

Copy URL

Twitter E-mail

General

Target

MasterKey Pro.zip
Size

75.4MB
Sample

250128-xwv57symdv
MD5

49314e8797757e99bbb004ca44f5efe2
SHA1

a6e19fd8c17c27c6cfa1335cf53372fb8abd38a8
SHA256

d7e4f8af935f52cbbcd311c07ec66b2ec5c7d5952dbf7b8e1414ff6795b7527f
SHA512

076757912406b2207ae73fb0ada0cca62d0c87f8cdc0c34f515ad389910d5065ba77a8bd81635eeb5c6886726d8fccca611141d2adbc667e6ab9a4816b03ceb0
SSDEEP

1572864:hVV6WyB63K0hIN3ikXkUOSvYknqSEwaTEzgTlCXmBpOxpwqftC:hJ13K0hwjkUOMYkqSSozD2Cpbc

Score

10^/10

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Targets

- Target
  
  MEIPreload/CPFilters.dll
- Size
  
  862KB
- MD5
  
  6b9d1597fd7c350d3cc9e86c76a204ce
- SHA1
  
  a1213a4a4b875572f5ff2d4787cea50e3d350eec
- SHA256
  
  f558343f4693c151f9416b20cded176e1da4e6ebc133eb526d1dd5f5fdf596f0
- SHA512
  
  9d83e3e9c3e90d363efa61b7803a607982fd74045f5ddb1fcdbf7af70f4901b3dc6e861fe9d88a867d4c53c220423d9ff09feae8c58bc3852ea4b38cc72efff4
- SSDEEP
  
  24576:prij+VQYnP8DzPZSw1kPAxhN+u2L7KOy4:AjAQYnP8hD1BSJn0
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1
- Target
  
  MEIPreload/CredProvDataModel.dll
- Size
  
  573KB
- MD5
  
  28d0ab27c32de0fc9607e9b7d10b9f45
- SHA1
  
  6c23366a148260f2f80838843dcac7755df9590c
- SHA256
  
  5eb2abd74b415c4f0df6a20358045873c437a146427095493790a431606cc8bd
- SHA512
  
  6075602149e08f1926944dbbd53125e8e6fe570e35115c0960733a6aa88ea6583740f6277bc546e82e4bd92e3da712461c65594eba991fd69803f6136bed84a2
- SSDEEP
  
  6144:afmrkwZ3nFLN2zAm8LaJ6zki6wn36qKmurFfO+gt+tjdKMvekjH4J4AINe02EGz:wwZnFhesgiNXn36jBfOZ+tjFbjY4c
Score

1^/10
behavioral2
- Target
  
  MEIPreload/icudt.dll
- Size
  
  9.5MB
- MD5
  
  045d0f4f41ca53d4cb22bdc814a22b64
- SHA1
  
  63e1df7559eda81c8c0869f7f2144f553f94dd03
- SHA256
  
  a20010e097e5a4ae7f7065da7b290cb535d1ef98a6a7cc299a343e26d688aa5d
- SHA512
  
  1792331728a0abd284d638ad5d29aaa71a5c34bde611f33fb416c7c0be5d9748c606e495f4dc40a880983a2ab9bb04f1406e26fe835df470b37c241e6b2007b5
- SSDEEP
  
  98304:oyIexx5hdtkqAYv7CagQZhzvilh2WhHa8807suLw03:oyIej5hdOqLCagQZhzvilh2Wkcbv
Score

1^/10
behavioral3 behavioral4
- Target
  
  MasterKey_Pro_v2.6.exe
- Size
  
  504KB
- MD5
  
  2d4ff26e8c218a5b8ebd3df2d7895e18
- SHA1
  
  581e6e512a2e21abe28798893ca88fc6677f982f
- SHA256
  
  dc4fd9584e34cc7acdfd768c28a796764249bdaf94c48f098014cf0b6ac2c0eb
- SHA512
  
  42683d16b98cde57229e577c0a9d96a076ae460f6560da1c61b5575910831c3a1b5c8662d06913f261f47b28bfc66746eedf858adf98e616407cf80b2e94d089
- SSDEEP
  
  12288:Pj/MhUNG0OhJ6tvuDH/9dfSShnh5jzlv3a/5J:yKGlhklUfScvK5J
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  swiftshader/chrome.dll
- Size
  
  159.9MB
- MD5
  
  15f177ea56f074638a0c271d0695cf0f
- SHA1
  
  b9c7ee1e59711787de4f78dc764d5bac2c10922d
- SHA256
  
  c604619e34f1d527393f1526cee58e0bc5f3a254a962c5952e9f143dd4c9ed1c
- SHA512
  
  71d1b40bec51ef11f7b5a7e849ac60b0a222a49a89c51b4d4fabd110a33966991538b606decf8a2caaf595f1e527b3431dfced6d45ac3463aabc637559f3bc29
- SSDEEP
  
  786432:vu1y2Qbz4/annWUlKTZii+0rkwLyEW6YJ+OwjaaIZYGJgZoX92oFm1Pl5XZL0AEM:gMb0GWUkZixsbyEWV+j7LbZokTXZLz
Score

5^/10
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  swiftshader/chrome_elf.dll
- Size
  
  1.1MB
- MD5
  
  99b61c9bdeacecfcb8042fc744803f57
- SHA1
  
  d5d1a7bef11bdf6538ddaf2581f1c8ded5e3578f
- SHA256
  
  f6a1d534a14e2d510430c6a094fd0b633d9f84cc5d50faba1b211f4caac9450c
- SHA512
  
  f364f4037ca755b083db6ed98db9f6379846b4618e3d675f70678c384208e1e06b25c9f1c2e96b137a142932be807bc6c44ae9fdc1cab2de52d3bce9e860bf3f
- SSDEEP
  
  12288:QW40BV+MfiVBWQfBPHP91/r1MbFP7IyxOhcB+BOsRQYbek5+nDomk+YU:Qd0mqAWQZHfr1MbFPQhG+tRQY2jk
Score

1^/10
behavioral10 behavioral9
- Target
  
  swiftshader/eventlog_provider.dll
- Size
  
  16KB
- MD5
  
  760aa52e36c9afabfb42eec1fe99f1f0
- SHA1
  
  6307d08bde064595ec976a20fcbfa32815e531a3
- SHA256
  
  0129d1d2a70bcfd6d150cb989df3aa4dca7db8ba1d299448de8c41e45d28eb3b
- SHA512
  
  bfdbadc3ac663182b84d0edca664e5119491539638a1e3067635362b917cfea992679650c8e02721e1c13550a1b30d3871ca9ebb1cbef26b6bd9f19ef49dcb47
- SSDEEP
  
  192:4O9qqGKrjNyby2sE9jBF6IYiYF85S35IVn0CdXOEqg1JnXld:4hKrjNyb8E9VF6IYijSJIVrlqgjVd
Score

1^/10
behavioral11
- Target
  
  swiftshader/libEGL.dll
- Size
  
  419KB
- MD5
  
  93f6c51878ac01abef596e9683f5e7fa
- SHA1
  
  f35f5bd37f821396d0d67630a4f4f4a2142104ad
- SHA256
  
  81c376218c26b2995d6cce1190331ec6d59d82d54eb9267c2ce16b29e04f4320
- SHA512
  
  8c4c0eb983bb68379800d41e4b02124da872c3bf891a1d7889cfeecf42632fb24a0add3e1dab362fac42b8fe6479ea2363bc331d1b012a98bca4a2ede4af8966
- SSDEEP
  
  6144:RwkYNkQl/jXvX4cyasihbhV0i5Q0pxR5wHMqc5vs5pxVxYXDVxgK:2NkQljvXsa1b70i5Q0p14xVOX
Score

1^/10
behavioral12 behavioral13
- Target
  
  swiftshader/libGLESv2.dll
- Size
  
  2.6MB
- MD5
  
  4d80bfb88495449f85d73ef8d0df856a
- SHA1
  
  6be247a5a51d248e6a2e4e3ce1bb77451f32ffbe
- SHA256
  
  a76810051932580b35414fa225d2fcecd065cb25ec7c2e9067c7fd6ef4a54b50
- SHA512
  
  28b2437bac18de5eacfc490d03a3f15498b93ead1b9e35f49360bb24c53c612030ba74ef9eb2da63c077a556e39c22996440242e15f94ea0ead9169e38697fed
- SSDEEP
  
  49152:205o26wfun7McMiv18PdHWmp/EoOz/hZ1kK7orkS4YzeoYfYAEt+wa+nxgkjig:jdfW8HRnxf
Score

1^/10
behavioral14 behavioral15
- Target
  
  swiftshader/mojo_core.dll
- Size
  
  1.3MB
- MD5
  
  d4fe274f14a9c0e8160af06803f78aa2
- SHA1
  
  8fba78651206e5b8a86abbdbfbd7073d85792ca9
- SHA256
  
  7ed633a66c6755c14bcbd6e439ea0c5a794d4805546bbaeffd49cd8484be76ff
- SHA512
  
  fb867ea9748d59ec8aa1f92a8eb65189599a4f53f91f7c15ee4f8cf0ed88df3ff39644e53d1eb8757c70fd1d85a868086bf827d07edb3156866fa2578e386711
- SSDEEP
  
  24576:gNhsUxvn5c77xDt/NwjT8XBH0cX1KTxVyo:gNhpxvn5c7r1AT6BH0cX1KT6
Score

1^/10
behavioral16 behavioral17
- Target
  
  swiftshader/vk_swiftshader.dll
- Size
  
  5.1MB
- MD5
  
  e2e1ee1f5de97003bec90e35bb0cb63e
- SHA1
  
  4e6dda68d0328da1e44cdde60220402a69359a08
- SHA256
  
  3a5123b28e7ba66943c30f6149c71724ccc5a8b0f142c01e9ecb660ea692da16
- SHA512
  
  3b1dc063b574d4cd5eed244967105c1a446461f0a94774146b1ed5ad66d144b1abe5dd5bd8ac8f5481051aff98642861d3105e82990f3ee4d5416effa8e1c548
- SSDEEP
  
  49152:OtFDxGl+c5DzkTh2HZe8YfFEPrJnUFqek+8Vjd6ZUW+Amk/ZcwfElRJ1DopTmCvq:w8l+cDWjDLfEjDG41jr2MxO2cc
Score

1^/10
behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Event Triggered Execution: Component Object Model Hijacking

Lumma Stealer, LummaC

Lumma family

.NET Reactor proctector

Suspicious use of SetThreadContext

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18