lumma | 7aef3228929bccd0715778c0eae7948f2fa233c5720d3b941e9dac152043a9ff | Triage

Sharing

General

Target

TempSpoofer.exe
Size

625KB
Sample

240420-q2lemaaf2y
MD5

e6b6c975e5b591288cc32e5459e823d8
SHA1

d234a345f28aa66adf2357b9a3253b12b204ed46
SHA256

7aef3228929bccd0715778c0eae7948f2fa233c5720d3b941e9dac152043a9ff
SHA512

203f4efb422c5fd6dbe5e4cb00cbee5e13920699d638fafc0d77b9d8be20b10213d3dc55d1c074e74c1f1b7d5089df7cf07ea4feb23e971d531e0d9563626f11
SSDEEP

12288:PFUNDakMcWUUysz/NhKjJPhM4/5bV/rvgE3:PFOakMcUDz/NEjlzxbVDvb

Score

10^/10

lumma evasion persistence stealer

Malware Config

Extracted

Family

lumma

C2

https://cleartotalfisherwo.shop/api

https://worryfillvolcawoi.shop/api

https://enthusiasimtitleow.shop/api

https://dismissalcylinderhostw.shop/api

https://affordcharmcropwo.shop/api

https://diskretainvigorousiw.shop/api

https://communicationgenerwo.shop/api

https://pillowbrocccolipe.shop/api

Targets

- Target
  
  TempSpoofer.exe
- Size
  
  625KB
- MD5
  
  e6b6c975e5b591288cc32e5459e823d8
- SHA1
  
  d234a345f28aa66adf2357b9a3253b12b204ed46
- SHA256
  
  7aef3228929bccd0715778c0eae7948f2fa233c5720d3b941e9dac152043a9ff
- SHA512
  
  203f4efb422c5fd6dbe5e4cb00cbee5e13920699d638fafc0d77b9d8be20b10213d3dc55d1c074e74c1f1b7d5089df7cf07ea4feb23e971d531e0d9563626f11
- SSDEEP
  
  12288:PFUNDakMcWUUysz/NhKjJPhM4/5bV/rvgE3:PFOakMcUDz/NEjlzxbVDvb
Score

10^/10

evasion persistence lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

lummaevasionpersistencestealer