lumma | 9ef3c2f498b46f0178619d8ce5f5b5b73ac6571bb841f6cca2be304b70db6d2d

Sharing

Copy URL

Twitter E-mail

General

Target

Launchh.zip
Size

20.8MB
Sample

250301-hrvljsvlz4
MD5

7da0592cb9783b26090c1e021b052212
SHA1

cc6ae16859990c5bb63db2743f2456ea1fe5f625
SHA256

9ef3c2f498b46f0178619d8ce5f5b5b73ac6571bb841f6cca2be304b70db6d2d
SHA512

15f2eef52115ff6076bd29ae8d2d0081b939bad8936aea06ba9db3c233808f48a0dac3dfcd5db4ad67b5b299f9cf3f74d71c9db96ac8ba48f9e5f04e0c3cd824
SSDEEP

393216:zKuuTue0cc81M/+mU0kYn09FoRlXOSA9XSjxySe6I3Mhi8D3tf1MeUsNtpYaOIa5:zKu2ue281ktU0kYn0vzkjx3eZ3eFDdfu

Score

10^/10

Malware Config

Extracted

Family

lumma

https://strappystyio.shop/api

https://coursedonnyre.shop/api

https://fossillargeiw.shop/api

https://tendencerangej.shop/api

https://appleboltelwk.shop/api

https://tearrybyiwo.shop/api

https://captainynfanw.shop/api

https://surveriysiop.shop/api

https://tiddymarktwo.shop/api

Targets

- Target
  
  Launchh.zip
- Size
  
  20.8MB
- MD5
  
  7da0592cb9783b26090c1e021b052212
- SHA1
  
  cc6ae16859990c5bb63db2743f2456ea1fe5f625
- SHA256
  
  9ef3c2f498b46f0178619d8ce5f5b5b73ac6571bb841f6cca2be304b70db6d2d
- SHA512
  
  15f2eef52115ff6076bd29ae8d2d0081b939bad8936aea06ba9db3c233808f48a0dac3dfcd5db4ad67b5b299f9cf3f74d71c9db96ac8ba48f9e5f04e0c3cd824
- SSDEEP
  
  393216:zKuuTue0cc81M/+mU0kYn09FoRlXOSA9XSjxySe6I3Mhi8D3tf1MeUsNtpYaOIa5:zKu2ue281ktU0kYn0vzkjx3eZ3eFDdfu
Score

1^/10
behavioral1
- Target
  
  Qt5Network.dll
- Size
  
  1.3MB
- MD5
  
  c24c89879410889df656e3a961c59bcc
- SHA1
  
  25a9e4e545e86b0a5fe14ee0147746667892fabd
- SHA256
  
  739bedcfc8eb860927eb2057474be5b39518aaaa6703f9f85307a432fa1f236e
- SHA512
  
  0542c431049e4fd40619579062d206396bef2f6dadadbf9294619c918b9e6c96634dcd404b78c6045974295126ec35dd842c6ec8f42279d9598b57a751cd0034
- SSDEEP
  
  24576:HO51NG2bq1mhQpCR4SSUVxiKZiva+su3pUlSuMEFR+PoT0lqU:34hQoRpSUVYKZqvsu3pUlNMEePoT0E
Score

1^/10
behavioral2
- Target
  
  Qt5Positioning.dll
- Size
  
  319KB
- MD5
  
  fb45f544d61c6a0a66e7ad3f5c0508b1
- SHA1
  
  50331a21dd2db624a559fa7ec5d3a0d93b8944ae
- SHA256
  
  e42297b688986f0e6dba17ae82a5d78cba1139bc03a0c30fbb6a6ef6c7f557ca
- SHA512
  
  3419f317f34f29996e8e139fe1725c9568bb262ab895a110be925b324fa3703e9a61a29e19b0b18e36cce31008353b9a9f80064b90aac7c16b05f544749e243a
- SSDEEP
  
  6144:zL3H526yykA6d0DbxzdMJ6EXmD2AOoLf:v3HWBo4J6W
Score

1^/10
behavioral3
- Target
  
  Qt5PrintSupport.dll
- Size
  
  312KB
- MD5
  
  dbf79abfb2fe2490fddfcc5b142326b9
- SHA1
  
  8955c5169f62b643a53920607c1392c049d180c2
- SHA256
  
  a4869f741088c67a0b449edad15658a9cf1edd8b693e4b23b6172952b6a7f9bf
- SHA512
  
  424ff210400a77876fdc6eb87ca245bb475151ebf2656a5e36ee77fe27ff4cbb5f30cd608a0cdf5113fffcaa00398de2e758a1721e7154585a230e53981b6051
- SSDEEP
  
  6144:SU6GcHAzLDN8xBznXwgUA2GqWss4A+1gr7pGZmSUbZqXxtUPIsq5okoibIWBk7fB:F6zqLDN8v
Score

1^/10
behavioral4
- Target
  
  Qt5Qml.dll
- Size
  
  3.6MB
- MD5
  
  27e0d9b1fd02d19a8745459bd729926f
- SHA1
  
  fee35bd148db2a9eb410f3c8f5c9a216be0d6d18
- SHA256
  
  53e8fecd7d4b1b74064eba9bfa6a361d52929f440954931b4ba65615148bf0ea
- SHA512
  
  aef0caeff970629a6cce00766139a407ac8e7c1179e5dbac1e01e252725f25a6fa771a7bb0cdcb894394b1ee7cff323511fb1eb64901d0c959fe2203d132ecc6
- SSDEEP
  
  98304:9myruPbjj6ODMIuT/IRhF/dNjnvkHrNrSdSG779LLLS/o/L4YqoY0Xba+mRR+:9druTjj6ODMIuT/IRhF/dNjnvk
Score

1^/10
behavioral5
- Target
  
  Qt5QmlModels.dll
- Size
  
  430KB
- MD5
  
  51addd243d4acbf6e2704b207dfe40b2
- SHA1
  
  acbc43b8480c1d8884d1b096d66a2ed678318b06
- SHA256
  
  1ac4753056179b358132c55ca3086d550849ae30259ba94f334826c2fbf6c57e
- SHA512
  
  c8aec4b704ee70bef16c71b1aded727e3a289831c4cc8f3cb276813e3f2ea1d96f3ff8529dee5ead46eb889206b4a3b4d2e468827fa833831ac69f43cc797064
- SSDEEP
  
  6144:s/VXP0g95T6gCk3Ud7Bz+vccX+Wl+tmYZ2u8ruxJM:s/j95TfBI4h7FuL
Score

1^/10
behavioral6
- Target
  
  Qt5QmlWorkerScript.dll
- Size
  
  53KB
- MD5
  
  b1355f6f2e317a7c47c7179c1d48f407
- SHA1
  
  db7fab191779a9fcc90710da7ece693d55e6feff
- SHA256
  
  5c3150972603c07290cf8dcfa7e6d850abb6a1d15f3f1c42d8bdac8623f1a148
- SHA512
  
  c0a22ef0abd17c29199960ffd1c2de65a007bd2616f988451dfe88f48ee4a15e0fe3cb4360d3783f8d2c5acd6026f130cb22e0837fdd04ef5f433d3d7a0b6951
- SSDEEP
  
  768:PnzAEqsfHbF+RC/q1TXydoz2esnQgSCod1GwvwuZG4B:PnuKMRHlaeYQCPewuZzB
Score

1^/10
behavioral7
- Target
  
  Qt5Quick.dll
- Size
  
  4.1MB
- MD5
  
  1318935680b9b9771e1e4c80fa97fbd4
- SHA1
  
  e3c8efc59866b68f6e28c163fbaebd24e3dd24d2
- SHA256
  
  553451008520a5f0110d84192cba40208fb001c27454f946e85e6fb2e6553292
- SHA512
  
  678e4678fcdaf09f8d5ad5f869941f511ba5440ab7cac8e0693f20e16bca09095ccc49325fff2ba0db56df6e4c751a273aec13ccb49e703909efc6ca96f6ab6e
- SSDEEP
  
  49152:/HyNQTBKx8buUfPkOTSvvJjw8snmD1OMbSMO/cx1BCHYBQvFEUxKJ:/SY37nSE9EXk
Score

1^/10
behavioral8
- Target
  
  Qt5QuickControls2.dll
- Size
  
  167KB
- MD5
  
  60217140ebbd4fe3d430d09505928d45
- SHA1
  
  df65388f808c5f6f24e4d320ff7a03db1d1df5ad
- SHA256
  
  dd30ade18125471c8700ba01cfb54e85570c0f365e969717bc0ba6ee8199e242
- SHA512
  
  8e2ae344145531f03db3a7d916d6e6e85edf7c34778c97f9361455fc12ec013f828a9634abb7f293e548dd9be5c45e9d637d7ecfc10624138476c7eaec532b87
- SSDEEP
  
  3072:9yh+Y6ksWf73lmYPgnmdtKS6Kum9HcJPbISsvdwtCDE/:9yh+Y6ksQ3lWKum98FbISsvdwtC
Score

1^/10
behavioral9
- Target
  
  SoftWare.exe
- Size
  
  949KB
- MD5
  
  09c3d7ae6770b7da6f896e986867c334
- SHA1
  
  59c34e4830979abb95d7a8b4287b06086a676a81
- SHA256
  
  a6a82b19491f97cecdf1fcf45ab98d76482752bef6bd2a5463fc45f4bcdfb118
- SHA512
  
  c07cd395a69da1c13aaed647cf1c7fc724178a7901f4991ff0570a3971a4b667b6c6837900e33356c5d7effa680595aa149ed6ae20fa103d2051994649afad2d
- SSDEEP
  
  24576:7hhVjdfarmFNhcKSoWSlzGarmFNhcKSoWSlzl:r2YhcKdWSpYhcKdWSH
Score

7^/10

discovery spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral10
- Target
  
  ffmpeg.dll
- Size
  
  2.6MB
- MD5
  
  2fc7f6b0abd1af4988e30e58e8310291
- SHA1
  
  9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6
- SHA256
  
  b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b
- SHA512
  
  cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2
- SSDEEP
  
  49152:A14LZeiXTFI6vTD9MxCAJ0qsOw0FZnHzKedVLes+/EnvIS:V7hMxjk0vB
Score

1^/10
behavioral11
- Target
  
  icudtl.dat
- Size
  
  9.7MB
- MD5
  
  224ba45e00bbbb237b34f0facbb550bf
- SHA1
  
  1b0f81da88149d9c610a8edf55f8f12a87ca67de
- SHA256
  
  8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc
- SHA512
  
  c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784
- SSDEEP
  
  196608:GEGwSv9AAQ48yTliXUxR0rHa93WhlU6tgYLu:G4KlQ4xliXUxR0rHa93WhlU6tgYC
Score

3^/10
behavioral12
- Target
  
  libEGL.dll
- Size
  
  431KB
- MD5
  
  1ed91477a02e0e2a64e5e9f26bcea438
- SHA1
  
  8058c2bd3342d8d882768188b1e5c45567a8dde9
- SHA256
  
  a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03
- SHA512
  
  c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5
- SSDEEP
  
  6144:gbSSlxpHPDSDwFRSHXEU4alu73cwp1MmJw7r2qVmTsR6Lbg3y:q9lxdPewF43EDaG+0TP3g3
Score

1^/10
behavioral13
- Target
  
  libGLESv2.dll
- Size
  
  7.5MB
- MD5
  
  640a515fcd8e5d5a332c1d40c47700b0
- SHA1
  
  0128c9d499deb7866f3d7aae0adab69d9a8f768f
- SHA256
  
  927c858deb4700d3759fab436d5ba554ff4cf7be505d536ea1c673707d5ca8a1
- SHA512
  
  792acebb5ba329e61bc319b415ba01248dcf18c7e46695222682dbf59d179403ced15c19ae03a282dec7e622121c05844d8eae5a04a2aa1f552ebced51644e27
- SSDEEP
  
  49152:cHYVf3vXozSZVwq1ZET78U9t9Ib7P4jN0gVkel0hZecqjXFArFFiKMTvrd5/Lln+:DWD0Ue/elpegxsgPRPV+fJJ7od0m
Score

1^/10
behavioral14
- Target
  
  manual/Manual.txt
- Size
  
  238B
- MD5
  
  dbddccfbb27caba92a389c0698363c1a
- SHA1
  
  c77ec6e3d7e8d70e63f319e9957fe7731c1ab3ee
- SHA256
  
  6f7cf53377c91322050746fca3a38e2e833cd721dd98b80d22d28d019546ba01
- SHA512
  
  968fcc7144d7f80159cf049bf349ff81031689030ee4b3415d8f16ff7e47bc23b908004bd225ed9349dc7496d2902c74b6488949240dd7e62b1c79a6fe2c0097
Score

1^/10
behavioral15
- Target
  
  msvcp140.dll
- Size
  
  657KB
- MD5
  
  03709a506bcf0a0dc8e62c63529c340b
- SHA1
  
  4a995cf7cbf5f33b8f82764dde554e6b5a93fc8f
- SHA256
  
  38f50951614154cfc9915c63a36db90a36e082121281e48eab9fbee9196658af
- SHA512
  
  850fd10facdf5bb6ee829b550e9396e8acc7cd86e129bcfc8751f567ab33ea391803f6878c76b15a181723615b51caf5938bbaf54450e51b14b4aefbfe1df4e4
- SSDEEP
  
  12288:KXWTVMrAEhb2PGz0EnR1krYCiEIbJvhk0azddWtyA51C09ssEN8mhGf1Z:OWTVrwb8KtJvhk0FkA51/9ZENtgz
Score

1^/10
behavioral16
- Target
  
  settings/cef_100_percent.pak
- Size
  
  261KB
- MD5
  
  b84d20e51dc7b971c7ab2502e3843f1f
- SHA1
  
  ed87bd499cae74a748e03fc33c36476a20487b78
- SHA256
  
  62d84df6c05bc41086aef1caff5b2db9cacd18535cb64407e79b715baa316b17
- SHA512
  
  1dcf7ff2cd92708892a43fb6cb9df5b46c1f98c49b7f58dc915b31dcaa27323d9055754173005b16581e74add695b62fa096890a40e3a2ee42ddb11a785920d5
- SSDEEP
  
  6144:FIYS+PehTgH+a6S9zwV5TrOHCZ3x5c1YC7x10fSucY7OP2ITQ:FIGeb1Ngf1d/dQ
Score

3^/10
behavioral17
- Target
  
  settings/cef_200_percent.pak
- Size
  
  412KB
- MD5
  
  d344d778833b313ed4afecdb90f4cad0
- SHA1
  
  acb1f69b2f0a69d301e6816c5d886f1c10a1bdd9
- SHA256
  
  ca0242f452e96e89a85e5a718e9ab01e24ea955b8491f6da9b1ebb5b3b4b7c71
- SHA512
  
  e5d32aba64613a9e8ec4aabb50b088f06ad83e2341f9bb22bb541e29deb63027dc07295c53eab8934387dcdb7c93aa7264dd77deba0a0bc9ed9514c5fb6b8b0b
- SSDEEP
  
  6144:CYS+PehTgH+a6SuDQYak+9bQHgs4jTlyOHCZLz73QYV85u/oFYvwoytKi6obByPv:CGebIfz4gs4jTEg5u/oFFpxLlFYZ
Score

3^/10
behavioral18
- Target
  
  settings/chrome_elf.dll
- Size
  
  968KB
- MD5
  
  ddc33cf2f8a0d4fa0b96667cb037a5bd
- SHA1
  
  277e4695266d7ac368a7635476556a2cc4793d98
- SHA256
  
  cdac4bac1481074e5a1664a2c6437273b0a2da068ede892ed0468825429e5e77
- SHA512
  
  574bc9f683a8a18b34e70d6830dcc6c0e605f3ed601f921d525f712e74ed3c83e106eb43551ab3325566e032a98a752e24407494081863dd4bc5fcd20f079bd9
- SSDEEP
  
  12288:kVq/yoDkMVSDPwy1wmThw2ljaR0E/uDmH5wvQwmeR5+n+orQ:dbsZwmTd1UuiZTwTz
Score

1^/10
behavioral19
- Target
  
  settings/d3dcompiler_47.dll
- Size
  
  4.1MB
- MD5
  
  5daacc29ed5218bcb836bfa8dba4dade
- SHA1
  
  0f94d6b63e1a8c5def69377a9c2c5b9ed8a2a9d9
- SHA256
  
  b548547f7f7e6afc5769be1f084b3e13b6bce07fbacf5de8156a5f88328b621d
- SHA512
  
  8ad9243d7d811d8e9768d8213a0bf0c120b8b3081c8374de8459d56ec9e10f11f81acf0d4421d949d3a892bc9468559c4c148b548f1128b674990afb55a31347
- SSDEEP
  
  49152:l5EfJYiVk9w6hAPqzag2At6i5K/8Ub6Lg3MEq/NHiQTtVr+5kb62QgdD6zoodr7z:j7iNPWHYE+Bnmc
Score

1^/10
behavioral20
- Target
  
  settings/dx12user.settings
- Size
  
  6KB
- MD5
  
  3635632d49c0b3c6a2f805e0cd64670e
- SHA1
  
  1c0b36ecc0326a3807f7a91ed274451cbec18ce7
- SHA256
  
  514395c31a4591b0dc85aac048c079d90620abadcf768bfd255e10190bcb92f6
- SHA512
  
  3a1428c7d3dff3c292caffb727f48ed553eb3e2a3724731f3eac6e7dba20ae60790c20d00ab7cd7568967fda8a46eb3c152610312c6f05feb714311c5b215648
- SSDEEP
  
  192:K6uV8NXlf96S677KeXx8igzaIhe6E+a/kbLUWoApzec2cfBq2fIx/CGy+2l72HlF:K6NctBhgzaIhe6E+a/kbLUWoApSc2Kd6
Score

3^/10
behavioral21
- Target
  
  settings/dx12user.settings.bak
- Size
  
  5KB
- MD5
  
  23daaa20f1b560b2e90be16f70ca3da2
- SHA1
  
  5dfe9246a5b735b40da07dd75e62d6d76f1b2608
- SHA256
  
  3be39694d0b1d90ab350c461a6b4457f0f2faacaee61774e671000144f690cb7
- SHA512
  
  82088290dd19d74a00625048b912ef36e69b81d3daf8cb3e90415d777d6fc1e4e15b5904bfb7cbd96f230fd74b5c0af2ff6b3b8505c46208e04d09c84e2d7796
- SSDEEP
  
  96:FN6uV8NXlK196S67g6KeXxh6igzaIhe6E+a/kbLUWodupzec2LF12FEb/Xq7q2fM:76uV8NXlc96S677KeXx8igzaIhe6E+aJ
Score

3^/10
behavioral22
- Target
  
  settings/icudtl.dat
- Size
  
  10.0MB
- MD5
  
  9732e28c054db1e042cd306a7bc9227a
- SHA1
  
  6bab2e77925515888808c1ef729c5bb1323100dd
- SHA256
  
  27993e2079711d5f0f04a72f48fee88b269604c8e3fbdf50a7f7bb3f5bfc8d8e
- SHA512
  
  3eb67ab896a56dab4a2d6eea98f251affd6864c5f5b24f22b61b6acc1df4460d86f0a448f1983aac019e79ff930286c3510891be9d48ef07a93ff975a0e55335
- SSDEEP
  
  196608:Ub+wSv9AAQbNjliXUxR0rHf93WhlA6tj1w:U5KlQbBliXUxR0rHf93WhlA6tj+
Score

3^/10
behavioral23
- Target
  
  settings/input.settings
- Size
  
  88KB
- MD5
  
  74061757bd00a6d226a397e5d78fe563
- SHA1
  
  22afc0173308d7cbe8c6d9018a8edeeaec9d1f11
- SHA256
  
  813dc740fabe35bf5983e550795e9bfa40b888f0b44b16a4da1c841d2e3dd829
- SHA512
  
  94cfe4046a40a973483a933f7208027c77d663bd9f26f56d97bd71737630f4dacc974feadde7c1281dffe065618185a8eae4d1084660bf0ab1867ecc06f91d94
- SSDEEP
  
  768:YOSy9FYMHg/aqTuIFJ+IWga+Fs8aaxGpFSDYr+Q8vNSD7DlbQbLma+Fsr4rp:x
Score

3^/10
behavioral24
- Target
  
  settings/libEGL.dll
- Size
  
  382KB
- MD5
  
  2bb37aae4eec265d97aea03800a26145
- SHA1
  
  06542423b68110c3d5ecf2159114f4c0bc2879b9
- SHA256
  
  4a34a80415a041caa00456fcbcfa24cbe8a05d699c8cc302215823826e94bc54
- SHA512
  
  66d6307e2a412aadc731bbfe0d96cad3f0aace100de0f7cba970438f7cc8087b8c6a5ac205809622e58d46b92f43da7b213a4713885ae247a1a229e8abf4125a
- SSDEEP
  
  6144:5fn91PNKeDQhPAybcKwtN0eHpN5uv4XdWT9V:5fn91PDDQhPRNkN5uv0W3
Score

1^/10
behavioral25
- Target
  
  settings/profile.settings
- Size
  
  102B
- MD5
  
  fca8f5239fc34cdec1b818187c45677e
- SHA1
  
  90928f3d1cca0586c1521e342deed9f0e66632c9
- SHA256
  
  a095c83dfcd9371e7aaee0561357199eaefd8b65111b694aa940d84ef42bd508
- SHA512
  
  ec212239d71e8c5623bb3acc97aea09831d7bc668c526504c046bb38d90988a3a0789d50cf0a11d9f415f4cbc9f5ca29e4be6dbc2bcb8d95c95b18e52b4cd9c3
Score

3^/10
behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26