General

  • Target

    #Pa$$CŌ𝔻e--6814__OpeN-Setup$#.7z

  • Size

    4.1MB

  • Sample

    250212-rtbqwsvras

  • MD5

    7dd2b82801c77b3d607207533067f354

  • SHA1

    fda6c021200f5af116c1f3591faee685c6851227

  • SHA256

    099e05c8887f9ed9f2a386680e74f70c88f84e27b1aba24cc4076d462341e52f

  • SHA512

    421ebc1262e59815631c98c28484947a5ece64d1fc9f93142c41cb3f031e7459dcd3c42c79bfc9f9b91e8b700e8edbd7702b90b1c2b1c69ec56234f0c6e8aeb3

  • SSDEEP

    98304:XUAd+6Zqh9EKiDO1/OnUAogWvAgimQ7UED1lKU:EAIWqX0s/+Uri77dv5

Malware Config

Extracted

  • Family

    lumma

  • C2

    https://brixghtquest.cyou/api

Targets

    • Target

      setup.exe

    • Size

      697.3MB

    • MD5

      383fa62b776e9a987e3487d3adb712dd

    • SHA1

      2002e387d4eebe5fcfc44faba49c353331f30450

    • SHA256

      62e6fc53e8a929fe7e8000e613bdd50917dd0ef303c5cace46a65ceb6a495b8b

    • SHA512

      65ee4a72ec06540f4aa350f672fda31e507e66e49ca3b75bc761b044e144371f6a3d76430ea60847518c67458531e017864565b96f27686511a6773995255dfe

    • SSDEEP

      98304:PpaOTEikjpnQ1Ow/V0vkFVuvRHyqP4wLR:Pp9IVNR3wwL

    • Lumma Stealer, LummaC

      Lumma, or LummaC, is an infostealer written in C++, first seen in August 2022.

    • Lumma family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks