lumma | bb8ae4c7145884c0e06e08839b39a2a13a06924e93fba1e217cc4ada072652d1

Sharing

Copy URL

Twitter E-mail

General

Target

KMSpico.rar
Size

72.4MB
Sample

250410-2afwlstk16
MD5

df84f82d19bc1dde7684190b1f728048
SHA1

70c4ca3b957ff1f2d39adf88b65791ca6706977b
SHA256

bb8ae4c7145884c0e06e08839b39a2a13a06924e93fba1e217cc4ada072652d1
SHA512

04b1568fb0479867010ba05ddd260a0abbf74007504de7dcafa4b5580e2da02ada0cf516df06a06a2ac787be8d6d93e431f1cee5f6f39e8e24b23af10dee037e
SSDEEP

1572864:0Cbfx8MvuWq0RBBitkuc0QxB6RW0ICZc0ow3rzkYm+Ii0xvssHK:0CV9RBBGQxB0ICZ9ow3fkYZB

Score

10^/10

Malware Config

Extracted

Family

lumma

https://revitmodh.run/pzaw

https://dsoursopsf.run/gsoiao

https://changeaie.top/geps

https://easyupgw.live/eosz

https://rliftally.top/xasj

https://upmodini.digital/gokk

https://salaccgfa.top/gsooz

https://zestmodp.top/zeda

https://ixcelmodo.run/nahd

Targets

- Target
  
  KMSpico/KMSpico/KMSELDI.exe
- Size
  
  647KB
- MD5
  
  53d5b9deeb2bb59e4651333117c9954c
- SHA1
  
  308fd25a66298db404ebd17339628e90cc9a3920
- SHA256
  
  d5e23168c5c9bfbabea3514600f2beadb9ae8c870b78a6e0408260b32ecc1743
- SHA512
  
  9c671532b25348a62f66108e4fba7af61140a2befe3dfc6b9ea0286e1b297c2cc57b16ecb6ca0f7557c9659b90929af70f960192091ab790e2cfa28769912c97
- SSDEEP
  
  6144:dZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6JA6YCFceN+tK:LANwRo+mv8QD4+0V16JYCFceNiK
Score

10^/10

lumma discovery execution spyware stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/ClusWMI.dll
- Size
  
  524KB
- MD5
  
  5a6bf882b5b2bb00a45c2cc93bc482b2
- SHA1
  
  e083b13527a7cdafedb31509366b4d17214aa5f3
- SHA256
  
  6baed20fa7c51028051821a7c50282650c2bb9340a704c4b51c85f14cdcca139
- SHA512
  
  48180ea8d1ebe29563844611f2a26dcd41db8632cf395d7ce22198c8b05b1c1dfd88f0d3630be504b05d9080b6bd8d89bd99b0543d5a9abb1080f91af64d5985
- SSDEEP
  
  12288:+4UjAbvekKjDG6D2PHFi9vXDTUxBlF9dZgm04nyFzpN:+4xbmkTFCUxbdZFtnyFzv
Score

1^/10
behavioral2
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/clrjit.dll
- Size
  
  1.2MB
- MD5
  
  f14a7650ec7046d5f2ee9c51a29ba9b0
- SHA1
  
  45eedbd38994d0f17dd20e14e0efa09edbc9178b
- SHA256
  
  f9b962d6668a3813695b5c8dab533d6ecbcb2cef5c5fad6726637d735f6dd33b
- SHA512
  
  eaec9a215d10b5b61b05e289b92a36cae26b1793dc003e27124ffa5ea9e9ce70b78714c72013dc004a8df3d64b035522189e8ef9d0ae42acf59fe68500af2d34
- SSDEEP
  
  24576:ek6qx5aELhzJNzGaR3wQNAj3FSlf8QCDIuyLeyvXJunOJ6Yj/:KeaENzJ5GKpiDFCCDIZLeyvXJuOJfr
Score

1^/10
behavioral3
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/clusapi.dll
- Size
  
  1.0MB
- MD5
  
  7c64cc7336383516db2959b8668beba9
- SHA1
  
  bfd3b662e1e4254c92b68cbe9949920869b4766f
- SHA256
  
  0aa2175912b00f75f2fe1a600eb8ede7286b1550cd1fd76cad74b9019935c8a9
- SHA512
  
  56980dda76f760c120a271375cb4dcb5aa685bf1413629c6cba27f422fdf5b3bb615f12149a9ab1f55a2f8373ec5353f66e99f1aade3e6aa6bda6326e4120244
- SSDEEP
  
  6144:1v9IlTK+HfM0dSD9o3NyvWupQe8UeXf+/xfoAYib3+eRuTZlyXt7PFnnpnnmjBHj:1S5LBdOe0Qe8U+7iSOuTniIdpBHwDp
Score

1^/10
behavioral4
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/clusres.dll
- Size
  
  1.1MB
- MD5
  
  1fe1366d70efc7160f57bc4414c26667
- SHA1
  
  19beb3b8aad7ab970e76ef088ae4c2673e84b3e8
- SHA256
  
  aa661d52e2e2a5cb4ce3b18bc2835fbb30c38f0f1c4f8c91ae68704512b93eb6
- SHA512
  
  f2d1624891cde898fc7231a2aa0f0a5d3a864692eb4e1849c0f3cb3def89ec530913a33a69d7c5eb734f21de3738b2b631d2b8a6855af08e9eb5eadfba65f397
- SSDEEP
  
  24576:0zlvm+kq8cnVvD7+vXA/yD52UwHsJJoGCBnwpu2sFwiwI8E9e4F245:ARmZV2cXA/yD8UZoGkwpihwI9V2q
Score

1^/10
behavioral5
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/cluswmiext.dll
- Size
  
  546KB
- MD5
  
  6f63d7391eb80486bf8b4af6a18c5f01
- SHA1
  
  c16e0b9c2c234db1e6eda9082311263d3ca7b244
- SHA256
  
  042869aea10dfa403726434b5ff2f85cd3f86356d00013b73100ca2b9acc834e
- SHA512
  
  4d929de45d3484c4f20af188dd173cb09b1248bb1a925f4ab18d06917707b1713f9c12622a7d2d5aafe25f329c11614c5af624651c6e8a616b512c2eec21483b
- SSDEEP
  
  12288:KAHeZoVZx/hzMKHkf5IkafTLbp2ZzjEBAnPnRf76ImB:KApVZRcI5pazjiiPYF
Score

1^/10
behavioral6
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/cmdial32.dll
- Size
  
  543KB
- MD5
  
  199c06ddbad82c3f90f3211a24b3be4c
- SHA1
  
  008bac1c56226cd708d060b80777a8e5cde8ba95
- SHA256
  
  e6404240cbb8640160aca56d4362369523ac7a4437fa7db5cb499c2a89b5992d
- SHA512
  
  90a828e740e39145608b122ea0a04c5e067b16372bfe256139f22faf3831b7c2380089efb85f6694843c29215416e0275833f2484bdce1906ce9e5f368213f45
- SSDEEP
  
  6144:vkxJYzX7dzt+Q/FjAVLjDmhzTj02i6CxcQH/rVd37CjWiE4qboQi1f/A3aOHM:8xgX76EuVLjShvjrvrQfRTow
Score

1^/10
behavioral7
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/libvlc.dll
- Size
  
  172KB
- MD5
  
  96214b94b796bffc48d63289854ae5a2
- SHA1
  
  383bde4b3a861d47794aa4f03479a48c10a644dd
- SHA256
  
  528c416cfb4813ee5f1da52743ef4adb20043171230098b27e25d1dd90e3f288
- SHA512
  
  5243dd7153793ae33c3a25f2a92579c4e31813545680de9a0abab36e61d42655db4796a6f47606b47d6dce0d3f47754fd29fbfd18b973b029df0c543915750f3
- SSDEEP
  
  3072:mZ6EqHx7iXIb/WmRJKn9llPMBq4tNyupwPU0sG0:mZ6E+x7iYiiMn9llP8q4tNyuusc0
Score

3^/10

discovery
behavioral8
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/libvlccore.dll
- Size
  
  2.6MB
- MD5
  
  e25413bb41c2f239ffdd3569f76e74b0
- SHA1
  
  073e2a86c5c24ede4c4ad2d8614261121a8d2661
- SHA256
  
  9126d9abf91585456000fffd9336478e91b9ea07ed2a25806a4e2e0437f96d29
- SHA512
  
  37b8339555dcf825a2e27464eb1d101f8e4b56460d1b78161e99ba6761f1a967668f11ba888a712c878d468f419a455dbc5e8e55e7fb9d4fbc87cb78f500ea9f
- SSDEEP
  
  49152:hDWA3C12sNU/wEz2tMEjv9DZWtxfc1lVG3QNVBAUZLYasUpGaXBuQQ9umM:t3O2wEz2tMEj1lWtOrVG3QNVBAUZLX/
Score

3^/10

discovery
behavioral9
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/plugins/cache/ICQLiteShell.dll
- Size
  
  56KB
- MD5
  
  05e61539b8917fca37c03756bbdd043d
- SHA1
  
  5a72e0e528260de0ea5b34badb9e5f9873cb4245
- SHA256
  
  515c8e0b93f0fef15da3e2573ad92b7e7840374140e65e5d73df63d8e22cb3e8
- SHA512
  
  565d57783e6044d6e7e2026c79dbd897e637c5e1d96e7930dc704ef2b6d801669b38f0c26382f00e67e26668439274941e937a0ade54666de50b5d84f6da7e97
- SSDEEP
  
  768:YEGJ9blT7XZBSbHwJU+tGR0KZUyGKZ0ZgwmF1+3UVambg:YEGJ9bln5o0KZjGKZ0Z1mF1+3UVayg
Score

3^/10

discovery
behavioral10
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/plugins/cache/ICQRT.dll
- Size
  
  32KB
- MD5
  
  1aedcb8994d6ad63ef9dcb87016e028f
- SHA1
  
  f5b891aa15c6353b681bdb7e2d96c6ac8a5f02d7
- SHA256
  
  53e1f40144bab532f9700ff25ec3d5c6a39784a98e17fada583b4ee6d9dd5dbc
- SHA512
  
  89c0f408797c4d78afc52335a9e162345c614e1e419f55487cb358c14f7a69ec82138a7e6250be3133233386ba3659d241e80ab63c9b972b6c8b26b0424cb0c8
- SSDEEP
  
  384:+qtTeds1tkMAp4TxCW9su5UcSu93ggoXUQQIPGEANHl:FTedukelF95RjQUUPpANHl
Score

3^/10

discovery
behavioral11
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/plugins/cache/Language/LiteRes.dll
- Size
  
  735KB
- MD5
  
  88962410244bc5c03482b82a7e3cb5e1
- SHA1
  
  4622be2d3deda305bf0a16c0e01bc2ecf9d56fad
- SHA256
  
  afa884228afc5c05f4b47e90b6de42854d5a8886ec5ed15a253faeccd5309036
- SHA512
  
  c6e7667f91c1439e33ad4d9e2052b7c9fcc3ca2c7688d9e2bc0550b71a5762b76aa76427331df0217429d9bd984925997c7a8d009f25e44e2776c5ce7cc9d98c
- SSDEEP
  
  6144:x9Ej/jb82/HRoXO1q2pt+Mc1/PDPicsUzM+gYESoE/wOuET8F62bH5vnGfcJvl+b:fqptG/PDPo0no2Iq8F6CHBTWqU
Score

3^/10

discovery
behavioral12
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/plugins/cache/Language/LiteSkinUtils.dll
- Size
  
  48KB
- MD5
  
  059d94e8944eca4056e92d60f7044f14
- SHA1
  
  46a491abbbb434b6a1a2a1b1a793d24acd1d6c4b
- SHA256
  
  9fa7cacb5730faacc2b17d735c45ee1370130d863c3366d08ec013afe648bfa6
- SHA512
  
  0f45fe8d5e80a8fabf9a1fd2a3f69b2c4ebb19f5ffdcfec6d17670f5577d5855378023a91988e0855c4bd85c9b2cc80375c3a0acb1d7a701aff32e9e78347902
- SSDEEP
  
  768:FPGeoWyuTx6vrP/zAdWQS6Z9CSKh64crVKTl9inMUAK:tGeJxIHepSKzjVK9iMUAK
Score

3^/10

discovery
behavioral13
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/plugins/cache/Language/WinRar.exe
- Size
  
  3.2MB
- MD5
  
  b66dec691784f00061bc43e62030c343
- SHA1
  
  779d947d41efafc2995878e56e213411de8fb4cf
- SHA256
  
  26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370
- SHA512
  
  6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3
- SSDEEP
  
  98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8
Score

1^/10
behavioral14
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/plugins/cache/Language/madHcNet32.dll
- Size
  
  921KB
- MD5
  
  d22b9da713ab36102c9c3d812af8c12d
- SHA1
  
  371fdbf6ae6a9a2e5c0560fc94eba3290028a252
- SHA256
  
  95b538b47e02d0ad2bd15d47efc18695d5e379ef61568b81ef405773d9c199bb
- SHA512
  
  e5ae51f79403358af60bb3ea663251badac57414813f5537d763b0b95504a393fb2d34c94c4b7328ec13f58e74a7147d3a72e63e62973c4c5d80671be1c8face
- SSDEEP
  
  24576:TlUbWq3/gquYUJ4Vgv0eUnDaE0efxfXT95:pUR4quYUJ4VgceXE0gxfjv
Score

3^/10

discovery
behavioral15
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/plugins/cache/Language/mvrSettings32.dll
- Size
  
  1.0MB
- MD5
  
  94321a6d490ca5442cf36b07db16419c
- SHA1
  
  639e08bc92106902facf7cefdc9b340682572b2a
- SHA256
  
  a7827463e9587a238db927cf61ab92b95c0ef52b18467583dd859bed98543da7
- SHA512
  
  1944916ca997c01a11c77016791612382832af6ab4822992694460ac4c9e5ba72e193416fa17c898a1d201826bdaf3176a2b303c035a37b124ccd4937d4f4b74
- SSDEEP
  
  12288:9wsK8YWuTCipwKm3ZCdX+y0Cg57ZrVmK5UhYX5NN/u3ZeEb+LJkKuZl1Y1e:P6WuFKKVuig5jZ5xX5P2bKyKu1j
Score

3^/10

discovery
behavioral16
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/plugins/cache/Language/nolimetangere.pkg
- Size
  
  779KB
- MD5
  
  2ba2923d166e89451fab8b0f1f48a552
- SHA1
  
  a3b8226b8fc5266105347ccb623500750a1b561e
- SHA256
  
  51e588e5c974cbb81b3c22ed4ba9c7188dc057a2bd77b248f4eec4babcf23761
- SHA512
  
  71207bb1493412737ee821754f154b76e45ee73be539f7df7e188e18cc018a45c42312844322f5bf0d8352cb3ee432f1314d8c69e458cbec25c9b47a5bf7bb0a
- SSDEEP
  
  12288:y2eLUppvK0pIw10hf2SZCFILyTVAtIeH6b5+zoTcefCDlNxEawbSSWZ3O:B3e1nGepfH6bCe6pNQvq3O
Score

1^/10
behavioral17
- Target
  
  KMSpico/KMSpico/Resource/Full-Info/plugins/cache/Language/unrar.dll
- Size
  
  304KB
- MD5
  
  851c9e8ce9f94457cc36b66678f52494
- SHA1
  
  40abd38c4843ce33052916904c86df8aab1f1713
- SHA256
  
  0891edb0cc1c0208af2e4bc65d6b5a7160642f89fd4b4dc321f79d2b5dfc2dcc
- SHA512
  
  cdf62a7f7bb7a6d511555c492932e9bcf18183c64d4107cd836de1741f41ac304bd6ed553fd868b442eaf5da33198e4900e670cd5ae180d534d2bd56b42d6664
- SSDEEP
  
  6144:e2Gk6wDaKov/5qrawOZI8uN0f/UVvN3MwdZFmiVFC+OEu:e2GkNo35qrawqmG/yM8PmiO+Ol
Score

3^/10

discovery
behavioral18
- Target
  
  KMSpico/KMSpico/activate.exe
- Size
  
  662.3MB
- MD5
  
  2bd0cf677057e90ac12aeafdd256eab9
- SHA1
  
  32a743c040c08d4620afb39bb40ed5fdbf1cbb79
- SHA256
  
  3212d66b56683e0d962b803632f8f8a16d8d7a0211e0d02d8dfa1dfc11aa6a6e
- SHA512
  
  625c4ef5e067cc5d2c317c885875722e95a9f43cd5ef8bf025214c544c0a7fc7996540a8fe90788ae515b8b386e4757a130b538c2a9c4fa1d250181c983454b8
- SSDEEP
  
  393216:1jL2iDc7/6febH1MO9ftIcJfVjR+dP4duDoddkjU6p6qH+8B:1jLBebbptISy2k3jp
Score

10^/10

lumma discovery execution spyware stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral19
- Target
  
  KMSpico/KMSpico/plugins/CryptoPP530Fips32.dll
- Size
  
  1.2MB
- MD5
  
  9a7234078559093e06c9d32148ed95a3
- SHA1
  
  40361dad15b9b5ae2757a21d1ce6a61c3c37e891
- SHA256
  
  32f5d0a454c26e8aa6f4cad58f3782337cc97cfe2305bbfe564437e5f0d51bbc
- SHA512
  
  9a2c3761d799999a691cd605f11c4014f604afa9a46b3b4c9999eef177f0e703ca2ed52c22824cba613559ce37bd134c566d54a4e51141828816b02a4f3da05b
- SSDEEP
  
  24576:4pPfSOTjS+katpqQTutqG3kGP7NS0LdbiAJ:4VnTu+kNQqqG3kIE0Ldb3J
Score

3^/10

discovery
behavioral20
- Target
  
  KMSpico/KMSpico/plugins/CryptoPP530Fips64.dll
- Size
  
  1.9MB
- MD5
  
  5421d49c2b1eabcbf9fc3cd5b3a4a7d2
- SHA1
  
  0028edceb5be4fd315b460b37f499667564a1367
- SHA256
  
  f555d9a75aff39ea48a8c51a833833f7892060a3421c57546640bd560e87e67b
- SHA512
  
  92ad7321a80d3e718e0c625bdf6d4fb122bc661e6b955744d513f043fd7733e39e13ab7a994a4bb140eec3c1b3d72ddddd9dc12d98a83811bbf1ab2266946e20
- SSDEEP
  
  24576:3nn521M2+LQvsrfqPmckkcltu9Wl0iY9Cu4biY7DvCQ4Rze4:3n521M12cPY9Cu4j7WQ4Rzz
Score

1^/10
behavioral21
- Target
  
  KMSpico/KMSpico/plugins/FlowSshC32.dll
- Size
  
  5.7MB
- MD5
  
  c4c176f948aaefdbac2007be7540f807
- SHA1
  
  fab53fea6bf9b66edf37c05f96d0113e7b3ff151
- SHA256
  
  b7ce745085da1ea321ba210178f90c7fbda7419a64452a887219b6fdc7ef762c
- SHA512
  
  f0883c2f65189a9992af98fc05947df34a43740d4c22196a2d3922edfe7e4fb2bcd75226a24b9482d2be5961eeb63a015a329a3a524f25d7e8c6acba31ab80bf
- SSDEEP
  
  49152:XMZDDtZO0oV8BPKzv694e7rnSmRw6DKnByzYC3rkOmcdbzKgZI9cji115OVcrDom:cno0w8BPW694evnSmG6oY013S26vCL4M
Score

3^/10

discovery
behavioral22
- Target
  
  KMSpico/KMSpico/plugins/FlowSshC64.dll
- Size
  
  7.7MB
- MD5
  
  0a86f2e157f36783f412379b8b94a1a6
- SHA1
  
  f679118d538d8c0aab0d8693f8b9b86bc9ccef2e
- SHA256
  
  27056202300c852631354871960619ad713baf02f06d080afb1ccaba3ce6bc69
- SHA512
  
  ea8101c2c5dfe11859cfc3539a82b66692920aec8fbe8d64ee5a32475247f71ca98482e8c20b297811ff3d235738e9c20ace33142e4833162068cb1f67c523bf
- SSDEEP
  
  49152:EpBqTfDVWxBameIwNZP81iXc6WOptqQbFYdzyCs7Cqy1mZ1PVJLnbd1AYLik7J3g:QE7kBvoXZgx+JLbdXxiflHsvhq75b5
Score

1^/10
behavioral23
- Target
  
  KMSpico/KMSpico/plugins/Microsoft.VisualStudio.VsWebProtocol
- Size
  
  661KB
- MD5
  
  91acf072fe60b3ef9867faec1a7a8cb0
- SHA1
  
  f5beee29187c4573acbf5a9105b6b475b6565f61
- SHA256
  
  1f49adc807a564e7c1ecf32f58074a1230a6fe4764e8f54ce7ffa8c2e880dcca
- SHA512
  
  6e096399e0afeb7c5f1a2a60204b887e946b3b6bc926fc5a78a97592a202954ec5e83ececc3ab1f66a2343db10c2974c15462837df342b0c5f6ad4594bd21b37
- SSDEEP
  
  6144:iMuijXEeWt742E+F94FQoS+LZjXEmItnl9:HukEeWtEQr4Fi+LxEmItl9
Score

1^/10
behavioral24
- Target
  
  KMSpico/KMSpico/plugins/NvStWiz
- Size
  
  432KB
- MD5
  
  9e82e3b658393bed3f7e4f090df1fbe7
- SHA1
  
  bfff954b8ef192c01af9fb5d9141a21279cb9c31
- SHA256
  
  c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762
- SHA512
  
  de6a1e62d4e33f807d9c04f355a762717eedbcf540e747a97ba824871d4a1f144f4929141df333711d42af01e441dbbcecbb25a6a4f8ec073a024d94197b776b
- SSDEEP
  
  6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp
Score

3^/10

discovery
behavioral25
- Target
  
  KMSpico/KMSpico/plugins/StartupHelper
- Size
  
  364KB
- MD5
  
  14934caca84d5fe0288f27efb31dcbf8
- SHA1
  
  98c8c659488a5782679112e0ffb089422a664ac5
- SHA256
  
  7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36
- SHA512
  
  9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a
- SSDEEP
  
  3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY
Score

3^/10

discovery
behavioral26
- Target
  
  KMSpico/KMSpico/plugins/cache/ICQLiteShell.dll
- Size
  
  56KB
- MD5
  
  05e61539b8917fca37c03756bbdd043d
- SHA1
  
  5a72e0e528260de0ea5b34badb9e5f9873cb4245
- SHA256
  
  515c8e0b93f0fef15da3e2573ad92b7e7840374140e65e5d73df63d8e22cb3e8
- SHA512
  
  565d57783e6044d6e7e2026c79dbd897e637c5e1d96e7930dc704ef2b6d801669b38f0c26382f00e67e26668439274941e937a0ade54666de50b5d84f6da7e97
- SSDEEP
  
  768:YEGJ9blT7XZBSbHwJU+tGR0KZUyGKZ0ZgwmF1+3UVambg:YEGJ9bln5o0KZjGKZ0Z1mF1+3UVayg
Score

3^/10

discovery
behavioral27
- Target
  
  KMSpico/KMSpico/plugins/cache/ICQRT.dll
- Size
  
  32KB
- MD5
  
  1aedcb8994d6ad63ef9dcb87016e028f
- SHA1
  
  f5b891aa15c6353b681bdb7e2d96c6ac8a5f02d7
- SHA256
  
  53e1f40144bab532f9700ff25ec3d5c6a39784a98e17fada583b4ee6d9dd5dbc
- SHA512
  
  89c0f408797c4d78afc52335a9e162345c614e1e419f55487cb358c14f7a69ec82138a7e6250be3133233386ba3659d241e80ab63c9b972b6c8b26b0424cb0c8
- SSDEEP
  
  384:+qtTeds1tkMAp4TxCW9su5UcSu93ggoXUQQIPGEANHl:FTedukelF95RjQUUPpANHl
Score

3^/10

discovery
behavioral28
- Target
  
  KMSpico/KMSpico/plugins/cache/Language/LiteRes.dll
- Size
  
  735KB
- MD5
  
  88962410244bc5c03482b82a7e3cb5e1
- SHA1
  
  4622be2d3deda305bf0a16c0e01bc2ecf9d56fad
- SHA256
  
  afa884228afc5c05f4b47e90b6de42854d5a8886ec5ed15a253faeccd5309036
- SHA512
  
  c6e7667f91c1439e33ad4d9e2052b7c9fcc3ca2c7688d9e2bc0550b71a5762b76aa76427331df0217429d9bd984925997c7a8d009f25e44e2776c5ce7cc9d98c
- SSDEEP
  
  6144:x9Ej/jb82/HRoXO1q2pt+Mc1/PDPicsUzM+gYESoE/wOuET8F62bH5vnGfcJvl+b:fqptG/PDPo0no2Iq8F6CHBTWqU
Score

3^/10

discovery
behavioral29
- Target
  
  KMSpico/KMSpico/plugins/cache/Language/LiteSkinUtils.dll
- Size
  
  48KB
- MD5
  
  059d94e8944eca4056e92d60f7044f14
- SHA1
  
  46a491abbbb434b6a1a2a1b1a793d24acd1d6c4b
- SHA256
  
  9fa7cacb5730faacc2b17d735c45ee1370130d863c3366d08ec013afe648bfa6
- SHA512
  
  0f45fe8d5e80a8fabf9a1fd2a3f69b2c4ebb19f5ffdcfec6d17670f5577d5855378023a91988e0855c4bd85c9b2cc80375c3a0acb1d7a701aff32e9e78347902
- SSDEEP
  
  768:FPGeoWyuTx6vrP/zAdWQS6Z9CSKh64crVKTl9inMUAK:tGeJxIHepSKzjVK9iMUAK
Score

3^/10

discovery
behavioral30
- Target
  
  KMSpico/KMSpico/plugins/cache/Language/WinRar.exe
- Size
  
  3.2MB
- MD5
  
  b66dec691784f00061bc43e62030c343
- SHA1
  
  779d947d41efafc2995878e56e213411de8fb4cf
- SHA256
  
  26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370
- SHA512
  
  6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3
- SSDEEP
  
  98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8
Score

1^/10
behavioral31
- Target
  
  KMSpico/KMSpico/plugins/cache/Language/madHcNet32.dll
- Size
  
  921KB
- MD5
  
  d22b9da713ab36102c9c3d812af8c12d
- SHA1
  
  371fdbf6ae6a9a2e5c0560fc94eba3290028a252
- SHA256
  
  95b538b47e02d0ad2bd15d47efc18695d5e379ef61568b81ef405773d9c199bb
- SHA512
  
  e5ae51f79403358af60bb3ea663251badac57414813f5537d763b0b95504a393fb2d34c94c4b7328ec13f58e74a7147d3a72e63e62973c4c5d80671be1c8face
- SSDEEP
  
  24576:TlUbWq3/gquYUJ4Vgv0eUnDaE0efxfXT95:pUR4quYUJ4VgceXE0gxfjv
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Checks computer location settings

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Command and Scripting Interpreter: PowerShell

Legitimate hosting services abused for malware hosting/C2

Lumma Stealer, LummaC

Lumma family

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Command and Scripting Interpreter: PowerShell

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32