Extracted

• • Target

    newfile (1).exe

  • Size

    22.4MB

  • MD5

    9922c2f6b72afe6a8ba3b20f05ef8b35

  • SHA1

    0c9154dce751442ee297be2c5e03cc833c5605eb

  • SHA256

    f6f2d71e98b5f323df5610f544e31da955358a7e8ab17dcd29a7000571912228

  • SHA512

    89d111ae1a1fe2f8c2668187623c02edcc4eab1b5f60231bed58745e32a2e3d791b5513bb3821f34a50c415187491f118a76e28a5acd3a0355b6e969aaadbd62

  • SSDEEP

    393216:I9Yiko/ySHEnXMCHWUjYrRQ7XbFsn6qPG7xAuq6qjg0un3Jh4RzTp4Eah++odCLy:I9YiamEnXMb8YrRQ766qPOAOqjg0uZ2H

  Score

  10^/10

  lummadiscoverypersistenceransomwarespywarestealer

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma

  • Lumma family

    lumma

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Modifies WinLogon

    persistence

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of SetThreadContext

  behavioral1