lumma | d5c78b62b3a63008127a31fdb356bcc8fc8a301c660708467525660d802d32ee | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.Malware-gen.5981.9189.exe
Size

965KB
Sample

240212-w9f3rsba2x
MD5

ff36088c0ded85dbc225f0913cf67a7b
SHA1

c8c792f2beaaf1f8abbcbfabedd59b6cb319a5db
SHA256

d5c78b62b3a63008127a31fdb356bcc8fc8a301c660708467525660d802d32ee
SHA512

473bb5ce8b5b928b2588a744bac8dc7bcfb5ba107f20d5951da8ddf73cf6b18249083b018da311f88fcb3fd6feb2f84a7d1da0dcb473c8fde74818ea3c4990b6
SSDEEP

24576:R0LJ7wf5s8usysS3Fx1nwwsSZYxLUgaPCsp72Cyd5xHfTjB:R0LJM/u+UtJZATdrHfHB

Score

10^/10

lumma persistence stealer

Malware Config

Extracted

Family

lumma

C2

https://sustentatorcoagulat.fun/api

Targets

- Target
  
  SecuriteInfo.com.Win32.Malware-gen.5981.9189.exe
- Size
  
  965KB
- MD5
  
  ff36088c0ded85dbc225f0913cf67a7b
- SHA1
  
  c8c792f2beaaf1f8abbcbfabedd59b6cb319a5db
- SHA256
  
  d5c78b62b3a63008127a31fdb356bcc8fc8a301c660708467525660d802d32ee
- SHA512
  
  473bb5ce8b5b928b2588a744bac8dc7bcfb5ba107f20d5951da8ddf73cf6b18249083b018da311f88fcb3fd6feb2f84a7d1da0dcb473c8fde74818ea3c4990b6
- SSDEEP
  
  24576:R0LJ7wf5s8usysS3Fx1nwwsSZYxLUgaPCsp72Cyd5xHfTjB:R0LJM/u+UtJZATdrHfHB
Score

10^/10

persistence lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummapersistencestealer