lumma | ef1bb079ec0da97c65a3429c075df08a5f0c4708c0e130f6963010facfb3d888 | Triage

Sharing

General

Target

OPTIX.7z
Size

7.1MB
Sample

250226-zptpxasxbx
MD5

ab59aa83510f081b897faf7e03fbb5e8
SHA1

2bb68d2436c306f48689b190404853b5988c6778
SHA256

ef1bb079ec0da97c65a3429c075df08a5f0c4708c0e130f6963010facfb3d888
SHA512

f6e326a187158060880bef1c44649aa39146ab791935d41b40f9ac39a980d3fd3d8cd872e23fb03b50c739c9b0e2401ac23ca0b0bf1d4a017a94a3224cdc7ba8
SSDEEP

98304:+dw6e9TPmGy/MXp/5bWJhczhQp468k0uF2ScCHJF6FxWGTtFk3lKur38CMXztLuP:16e9ymZhRhykbuUVFxvTtFTU38CezBuP

Score

10^/10

lumma discovery spyware stealer upx

Malware Config

Extracted

Family

lumma

C2

https://quialitsuzoxm.shop/api

https://complaintsipzzx.shop/api

https://languagedscie.shop/api

https://mennyudosirso.shop/api

https://bassizcellskz.shop/api

https://deallerospfosu.shop/api

https://writerospzm.shop/api

https://celebratioopz.shop/api

https://pieddfreedinsu.shop/api

Targets

- Target
  
  OPTIX.exe
- Size
  
  808KB
- MD5
  
  404e5216acc5b9fcbaf3950218ae5a92
- SHA1
  
  801380246a23cc50a5a6404bdf5f09a1f93a56c5
- SHA256
  
  6c4106fab8e5f61b761073f8d7e34b7d56f605bfef12f75aa5538a5ab8f8da97
- SHA512
  
  780d1354d5bd8b24325e465a34828f66bc9067b40baa28d7204c878f130a6b21a69f5799c54e0fa9adfda84de46c07f5d34ff61d2f62bc1a86f43193e33b730e
- SSDEEP
  
  12288:nkpDLOnchW+tLtE2p9KtIgyPMROQ+NM5DY+tLtE2p9KtIgyPMROQ+NM5Ds:nkZLFhVq2p9AIgykrxHq2p9AIgykrxs
Score

7^/10

discovery spyware stealer
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

upxstealerlumma

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer