lumma | 93262012afae2e593d7bde52252613fc30365ffe3b893f62b8d9d3f47e6e11b4

Resubmissions

17-02-2024 23:23

240217-3db79scb75 3

17-02-2024 05:08

240217-fsz7baca54 10

Sharing

Copy URL

Twitter E-mail

General

Target

Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip
Size

66.8MB
Sample

240217-fsz7baca54
MD5

f5c5935ac75649654a3c831ed5fe6fa0
SHA1

52ec2e983ab06aa15750114a9e265d4fb5af7f54
SHA256

93262012afae2e593d7bde52252613fc30365ffe3b893f62b8d9d3f47e6e11b4
SHA512

a021f3cab542ccca8aff067d001d0c4494c6d1f49dd0e4776ab96f72edf5d87defc9a8ae81e5b39c5fc5d3cef618c6de04ea5d68b25d8e6c6975ad95e44257ea
SSDEEP

1572864:8yIoOPzJpq0jzwKSqj4uEv9oPoCvOFahjcWnSFnecJ3rrIpMU9doIny:8ywjc3qj4vvE0ahoWnkei36M0KIny

Score

10^/10

Malware Config

Extracted

Family

lumma

https://gemcreedarticulateod.shop/api

https://secretionsuitcasenioise.shop/api

https://claimconcessionrebe.shop/api

https://liabilityarrangemenyit.shop/api

Targets

- Target
  
  Installer-Advanced-Installergenius_v4.8z.1l.exe_pw_infected.zip
- Size
  
  66.8MB
- MD5
  
  f5c5935ac75649654a3c831ed5fe6fa0
- SHA1
  
  52ec2e983ab06aa15750114a9e265d4fb5af7f54
- SHA256
  
  93262012afae2e593d7bde52252613fc30365ffe3b893f62b8d9d3f47e6e11b4
- SHA512
  
  a021f3cab542ccca8aff067d001d0c4494c6d1f49dd0e4776ab96f72edf5d87defc9a8ae81e5b39c5fc5d3cef618c6de04ea5d68b25d8e6c6975ad95e44257ea
- SSDEEP
  
  1572864:8yIoOPzJpq0jzwKSqj4uEv9oPoCvOFahjcWnSFnecJ3rrIpMU9doIny:8ywjc3qj4vvE0ahoWnkei36M0KIny
Score

1^/10
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9
- Target
  
  0x000a000000023656-53
- Size
  
  686.9MB
- MD5
  
  3abe8b51f5087787b9c121b10f37108b
- SHA1
  
  4cb1fc54dc24f175c744a958e74ff84b5fb16d4e
- SHA256
  
  7ba93fe544def71fa435ae70911356845d19d5fcee1df71369aa537fe848c5d5
- SHA512
  
  fcee37f1e56aed457f71aa0c54f320e28a308c002d639bcd424389cb464ce18103746b470456f5824b28d079cead670bdcb8d691d8bed864544ffbfe2c75fed4
- SSDEEP
  
  1572864:jnhUzyh7u4k9pJmoLKAwhzTICA8VjcDJSx:jnikUDUzPAUj3x
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral10 behavioral11 behavioral12 behavioral13 behavioral14 behavioral15 behavioral16 behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Blocklisted process makes network request

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18