lumma | d30e33e5f4ec42d96e1641697f3141fcd7f1f8fe8db9301fc72b540ba789f082

Sharing

Copy URL

Twitter E-mail

General

Target

Voicemod.V2.48.7z
Size

67.5MB
Sample

240420-a7cfxacg8x
MD5

d3d5f9aab88d2049051183a7539fd1fa
SHA1

b289c4eb02186b90d91f4ffde71aa72562683d1a
SHA256

d30e33e5f4ec42d96e1641697f3141fcd7f1f8fe8db9301fc72b540ba789f082
SHA512

d2d4223f8afa0e5923b6054c114971f6c9f67c6ee13415176bdc5ff898644428c31f219201073b7bbe72dc30783d2459c7c1d21920aa0bffa39ec486c2fc355f
SSDEEP

1572864:FDAMBI0N6glLqwhZun9DT/m8wM8B+fq6Eb5zb2PCRgQOGF0EC7W:FD3BR6g1juE8wfc0bKCSV+/YW

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://mazefearcontainujsy.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Targets

- Target
  
  Voicemod.V2.48.7z
- Size
  
  67.5MB
- MD5
  
  d3d5f9aab88d2049051183a7539fd1fa
- SHA1
  
  b289c4eb02186b90d91f4ffde71aa72562683d1a
- SHA256
  
  d30e33e5f4ec42d96e1641697f3141fcd7f1f8fe8db9301fc72b540ba789f082
- SHA512
  
  d2d4223f8afa0e5923b6054c114971f6c9f67c6ee13415176bdc5ff898644428c31f219201073b7bbe72dc30783d2459c7c1d21920aa0bffa39ec486c2fc355f
- SSDEEP
  
  1572864:FDAMBI0N6glLqwhZun9DT/m8wM8B+fq6Eb5zb2PCRgQOGF0EC7W:FD3BR6g1juE8wfc0bKCSV+/YW
Score

3^/10
behavioral1 behavioral2
- Target
  
  Voicemod V2.48.7z
- Size
  
  67.5MB
- MD5
  
  cb5becb9d1752776514a6921ee904640
- SHA1
  
  aada33e228409c54dc9c8452815cec1f2d13c774
- SHA256
  
  a7652b03604f60086344a3ed6284b2eba4222e6a3252b2a9986c44f36549c86d
- SHA512
  
  f7137b2987016f37ecb3f83eb573043325baa5cc378cc25134eef98ef9bf9ec6adb2727be6794f3ba41b543c49da247c1e2f81888a39478e8c22f43106bf7e97
- SSDEEP
  
  1572864:wdvx4uuKnFEEqPdal92jiMzjDJmzpepRktDJL7mbAvcsJkbwYyf:wdp40nFAQlmjDuYktIbcl2klf
Score

3^/10
behavioral3 behavioral4
- Target
  
  Voicemod V2.48/LICENSE
- Size
  
  34KB
- MD5
  
  d32239bcb673463ab874e80d47fae504
- SHA1
  
  8624bcdae55baeef00cd11d5dfcfa60f68710a02
- SHA256
  
  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903
- SHA512
  
  7633623b66b5e686bb94dd96a7cdb5a7e5ee00e87004fab416a5610d59c62badaf512a2e26e34e2455b7ed6b76690d2cd47464836d7d85d78b51d50f7e933d5c
- SSDEEP
  
  768:Mo1acy3LTB2VsrHG/OfvMmnBCtLmJ9A7D:Mhcycsrfrnoue
Score

1^/10
behavioral5 behavioral6
- Target
  
  Voicemod V2.48/PhysXCore64.dll
- Size
  
  4.4MB
- MD5
  
  1c26757fc0906004df702aa7f6c6e845
- SHA1
  
  dad6890b6f51c165e540ebb686255cd047a19b23
- SHA256
  
  d4a9a3d1aca8ece3dcf65ad4e2d01cbe16ccb0373da57a740d8b7818268b636a
- SHA512
  
  c900af3c94e91f25dd5f3f1e8926f90c69a0d8375ea4abe11a93520baae6c1af31db6d72ba69b1d695b655ab9c85be99cb2785298c4c51f013c43495215556b9
- SSDEEP
  
  49152:bF+Sixm8YZATHpZt4nPYkwUMUuDLv7NNmJtum9/Qyh4+T1UPR/TtnZf8GxYdp:b7iiGpyKAtQy6C6BOp
Score

1^/10
behavioral7 behavioral8
- Target
  
  Voicemod V2.48/VoicemodSetup.exe
- Size
  
  493KB
- MD5
  
  bf8be626b9b471fa8d28a8eaf8a318f9
- SHA1
  
  d0b706240de97d48fd5442332c712db171d545b5
- SHA256
  
  a079900bde437ddbcffacc5d40dcce4ce383699f9d2fa0a4cf43ba4de601e512
- SHA512
  
  8da64569135c48b306fac8ae9c9b2daaa0bfa05bcf99605a1dedb4653c983a3ad0465b5f5291a73badba2394b0b34c221bb93ba15aa6a527c8d034fffcbc0bf1
- SSDEEP
  
  12288:+0zit5bNErysNGJunuh30tXd2n50V+srAWSmGaFoCe:PitBNY4onuhqd20dkwuR
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  Voicemod V2.48/bootstrap.min.css
- Size
  
  106KB
- MD5
  
  99d2b8992e26f67bc9e5dca610635a60
- SHA1
  
  a34370c45874d50b7b8bb99d23b1b2c2980ccba4
- SHA256
  
  63488969057ba45c66a01d4c8075c1ae64f34efc4b9f5314cd620ea694823261
- SHA512
  
  aaa9ab93de16b4b3a5682aa6efba257199e66fa4cedece0468b9856ed1e2c3ca0ac1cdc31ad38475388790a47179675ac4d5ac8fa28a09b0236a2b56a0ae22b7
- SSDEEP
  
  768:ZbGxwUkBUmlpztzuRdvGN6eABkdIUIbZbnbJN8gwaKNhL3tqNhkRQmNaw:ywldERdvGNIkabbRk3chO
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  Voicemod V2.48/data3.bin
- Size
  
  56.1MB
- MD5
  
  6f3cc2385b3676dc93a6788ad5ae5501
- SHA1
  
  ac0713d2e62dbc2a93fd6fdfa3dce01f0d4a8207
- SHA256
  
  c96e6820bdd60531c12b787bf775ec0ea83d5b6f9074b600591082fe9d708ff5
- SHA512
  
  a143c832d8148dc8f8e379db9bb2c8b2aa870e5ac60dcedbabc6e447ef8ea628e2ccb79e11a778768405c1996606460a1fd7b666b768dd17bf8d6b85150eefc3
- SSDEEP
  
  1572864:EplSZtRPP0Sq0HxvPnXoJW5fo/k+dcvGf+YFMRJ:EbSLRnzq0RvPXoJcos+dcORML
Score

3^/10
behavioral13 behavioral14
- Target
  
  Voicemod V2.48/dbgcore.dll
- Size
  
  162KB
- MD5
  
  8bb7fa4422c9ddc162051d8b7e5522d7
- SHA1
  
  07a01c2ccffd3d27f2a0d0ddf38dde1dd10455ec
- SHA256
  
  db947c07167069d3de9e8a637baf01298984355d775ec49801115d7e5f2e47a3
- SHA512
  
  7bfbbae884fe9f2235dd24ab9b0f5d35bc6af28bb6e562c000e36962be47de53bf9adc44e8b2d75b1c911a51d1e354ff94e216e66089269e6c7dee8085b98a60
- SSDEEP
  
  3072:XBvYv24Qwk0uHtYN2ZrO3p5oKKASB0ddOQYgOxTsvmbtIahY2rAW:XBg2VWuo3554ASB0ddOgahMW
Score

1^/10
behavioral15
- Target
  
  Voicemod V2.48/dbghelp.dll
- Size
  
  1.8MB
- MD5
  
  3fbb5bbc320109a3adf8866289a81211
- SHA1
  
  543b936a89fbdb0220381eeff0824b3968390e82
- SHA256
  
  3d92df0984662298a09d988aff0bb7c3081a46bf48177b7af02d3552641f77e9
- SHA512
  
  e4fe89ffa2b723a8162a7eae05f42639a6cf86bca77495d2834fa0f58131ab8fac8336901f8bdce19c5b5b49aa6c5c4b0056febccf42b8fe395401696d0694cc
- SSDEEP
  
  24576:VOTeT88eTQhAWiJhXsg/537W7rDLIVn0a1pCVBz2P583pdj8DqF2gIMYT5q4NZrn:gCTwOkh37W7zI1JDUA583pEqF2gIr5vb
Score

1^/10
behavioral16
- Target
  
  Voicemod V2.48/default.css
- Size
  
  2KB
- MD5
  
  63d1ba9723f4c05412fe3b3ddf302847
- SHA1
  
  5e7543bcc13a79446dab1ed7e446dd473a633514
- SHA256
  
  504c4a0980e6ec809da02ce16b73151622a2fdfb4409098c7ce96c1cac9b3735
- SHA512
  
  0267d2b166882874261afbc95fa3cf4e0e5c302cb1857a3d960567a6319c0570f59159ef58e584b4e80b5535a30ce2de76c0ce3d2180390271efda238812be69
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral17 behavioral18
- Target
  
  Voicemod V2.48/dxcompiler.dll
- Size
  
  18.9MB
- MD5
  
  7f4bcd184c8e5649627b9269021669ca
- SHA1
  
  872ea08fb58699c22b9395704096c13a26f265c1
- SHA256
  
  71405a9a5df6e4f3d8c8b46a8f59d0877860e7a6240638ec14b3775856cf836a
- SHA512
  
  97f68f72ca6425ba4177e65b5def8dc20d2aa282b848efe4242bf302a1ab56d57aef8c95c952e21120932cac835b338b8933c3b667809f46f5cae13b87a9ac39
- SSDEEP
  
  393216:cr+5aq5W9hakSTLD5OcHvNOWStBEELm5nNLMJpC6aTOJS:c65WTa3TtBMnOOE
Score

1^/10
behavioral19 behavioral20
- Target
  
  Voicemod V2.48/libEGL.dll
- Size
  
  106KB
- MD5
  
  850b351d847ae631781f64154fb98188
- SHA1
  
  64ed3e9f0058176f18b6945c6a72fc17438fccfe
- SHA256
  
  8b4bdffcf40c5eaacdab851b0ebe6e41a7d6b29268c6ad939aec5fc2f581fae8
- SHA512
  
  32f430702e8775eaa30e0ce6b675055bce9a3ac68d54a5e1c17bd0643954ac5b5899c03281c755fa569128f8b3d14f3a310b12b6823199d6c10544caf5a60a3e
- SSDEEP
  
  3072:V+3TsK70ZSfjFBnQcPsWWrgkkHEslxaQj:s5bfpZlPUm
Score

1^/10
behavioral21 behavioral22
- Target
  
  Voicemod V2.48/libGLESv2.dll
- Size
  
  4.9MB
- MD5
  
  9b8810e050de644056d83d6f0225b763
- SHA1
  
  80a8d69751d66713fa1555a353d1c68977a88721
- SHA256
  
  cdc6b220d5bf0f474dd5b4cb713e94e6f9aa637aaef528aea16f90537d733a05
- SHA512
  
  d3a79a43f3ca074ef5ac055122d09361f7359311b2502d8e5f716497886dee7cd17de96b845b81fb59f0ebf6639230528187742e651cce498795ad427886473d
- SSDEEP
  
  49152:wootXNas9yq0oPWARCzfmVFMnpNmQaPRoym6bPbfvCWDsxUOEtBVR7pVzIzJHeLA:yVA5o8eVF8OjhK0SOt/pLbk27w
Score

1^/10
behavioral23 behavioral24
- Target
  
  Voicemod V2.48/libScePad.dll
- Size
  
  125KB
- MD5
  
  922a58e5a367a636f4b403944ad3a833
- SHA1
  
  1fda1eedae51a0d4e3fda54b5860cef2bd2ee9be
- SHA256
  
  5a2803c7fecff9ff0ce8dbb3e3f13063bb12c18f5516e993342d694b84b3a4b5
- SHA512
  
  32c171fb8f2f6effa7c399fb3970098233463faf24503728bd9045fca44383db053fdad62bf3f0f174d5eb3c118876de094c324f50457f0021caf3dc0567cc66
- SSDEEP
  
  3072:OX4OC90WTHnNWTg4qWsXd9qVX6O6JxF5vxaImVfp:7OaLnoTOXXd9qVqOuX8Vf
Score

1^/10
behavioral25 behavioral26
- Target
  
  Voicemod V2.48/libexpat.dll
- Size
  
  169KB
- MD5
  
  5c53a6a639cd162ccb6dfc757327a906
- SHA1
  
  7988c17bc0fb47088f01400fc4d96d389751d39a
- SHA256
  
  80d76961e60e20de1bd0b7577095d184e027cde2aeb0e81f024a4d0813d9c345
- SHA512
  
  c48080d21cc9e12426f44e04d1d1ca92a1204b18d47c12faa9393f24b680072b9886bb01482a8c921aad6dfd0ee2ef399792a49c12e3f482042bd0a20d3c03e3
- SSDEEP
  
  3072:lQltUNyOcU+t9kIojqIrBb05YTOErXXwkh3UHUcUrUSIwZL4:lQleN1aEb05YT1rQSk0f4
Score

1^/10
behavioral27 behavioral28
- Target
  
  Voicemod V2.48/libpad.dll
- Size
  
  67KB
- MD5
  
  c14b976ae5b072e84d79b802aa4206e4
- SHA1
  
  f0d0c2afdc7fb9d93474b2109c111a1f1c79986e
- SHA256
  
  b16f2086046192840b6c4aa90a245de903fb79333f35820369fc687f13542f56
- SHA512
  
  a6463d914f7fbe6dcf905400b7271216a6437e344f57c7a192beb91a5b0931b47b5f8ae03a4780e7faa996347aeb81112f97a6105c9bf08b7b3782ce844aaa16
- SSDEEP
  
  1536:wZA9Gj3Iz5RLG0Lnq/kY4HQfHL8s9ddH5/:wZIe3INRLIkYK480dZ5/
Score

1^/10
behavioral29 behavioral30
- Target
  
  Voicemod V2.48/libtools.x64.dll
- Size
  
  3.5MB
- MD5
  
  e83bafa12d7af874dc101fd14a390a13
- SHA1
  
  b1fa094e67518e9447e056b637bd8d2d9a49a516
- SHA256
  
  a096845bb688decfa1f4e4d2dbff19d91ba27904ab2c837d92f802ed0601d1d2
- SHA512
  
  364f21e88060cd13132c3ee48368f921d6dab5f8c95c50d67ba0817d2661b6999ec2c88a2fa8a4688c4fe4fb3eae53d62a9116006815f301dc7a17743e7879cd
- SSDEEP
  
  49152:6xGx9nfXkEOvg4PuD1sZzJnvSomQ0yFB0e9pg3kPLA7j0TcAKHlN:CGDm5HeDkDOZAKFN
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Suspicious use of SetThreadContext

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32