lumma | 581095ec74eca53f7ac02ce62cae0b77e068b78f7e0c58482a462075cede1ab8 | Triage

Sharing

General

Target

581095ec74eca53f7ac02ce62cae0b77e068b78f7e0c58482a462075cede1ab8.exe
Size

1.5MB
Sample

240320-cqn5gsfa6x
MD5

be38db257ff81d4b21062a0b8fd59e39
SHA1

8520a5591094c5c0daa954bb8230fdb8f7e628a0
SHA256

581095ec74eca53f7ac02ce62cae0b77e068b78f7e0c58482a462075cede1ab8
SHA512

1c27452b2622dc23a5b25c866ee11eaf1751483cf9bdcf56e8a86adcee18bffa7967d4e5dde02f4671521b17bc663f5076b0bed87c3cec67d3b434a72b7b388d
SSDEEP

24576:ABp91HjOU+K+At1D74ofhNthExSpiSXFReq0OtqI:A70K+At1D74oRhEQiQgqBtqI

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

C2

https://peanutclutchlowwow.shop/api

https://colorfulequalugliess.shop/api

Targets

- Target
  
  581095ec74eca53f7ac02ce62cae0b77e068b78f7e0c58482a462075cede1ab8.exe
- Size
  
  1.5MB
- MD5
  
  be38db257ff81d4b21062a0b8fd59e39
- SHA1
  
  8520a5591094c5c0daa954bb8230fdb8f7e628a0
- SHA256
  
  581095ec74eca53f7ac02ce62cae0b77e068b78f7e0c58482a462075cede1ab8
- SHA512
  
  1c27452b2622dc23a5b25c866ee11eaf1751483cf9bdcf56e8a86adcee18bffa7967d4e5dde02f4671521b17bc663f5076b0bed87c3cec67d3b434a72b7b388d
- SSDEEP
  
  24576:ABp91HjOU+K+At1D74ofhNthExSpiSXFReq0OtqI:A70K+At1D74oRhEQiQgqBtqI
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2