lumma | 4303bc84d53234350548049163ddef5af4d8b6153a34cabba801ae539fe01d4a | Triage

Sharing

General

Target

tmp
Size

827KB
Sample

240424-nh2w6ahc4s
MD5

a56d7d8ff2831932bbe64f971e88525d
SHA1

750ceae0722793c27163ac15bede44c0d9d9ffa6
SHA256

4303bc84d53234350548049163ddef5af4d8b6153a34cabba801ae539fe01d4a
SHA512

ac9773c0546bbf5b776ddb6e41d398000d1856aeb0fdc16b742eacf889cb77ef29b29a68f906470c6e850dba42e722ccb83fcd139444d112e7f86bb0e83ba6d2
SSDEEP

24576:4bJhAiQecjQ+bpL/YDhkDqkEt2yhT3oU3ml:y+k+18O1ST47

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

C2

https://allowbloodythinkews.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Targets

- Target
  
  tmp
- Size
  
  827KB
- MD5
  
  a56d7d8ff2831932bbe64f971e88525d
- SHA1
  
  750ceae0722793c27163ac15bede44c0d9d9ffa6
- SHA256
  
  4303bc84d53234350548049163ddef5af4d8b6153a34cabba801ae539fe01d4a
- SHA512
  
  ac9773c0546bbf5b776ddb6e41d398000d1856aeb0fdc16b742eacf889cb77ef29b29a68f906470c6e850dba42e722ccb83fcd139444d112e7f86bb0e83ba6d2
- SSDEEP
  
  24576:4bJhAiQecjQ+bpL/YDhkDqkEt2yhT3oU3ml:y+k+18O1ST47
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2