lumma | af14faa83ef43be891fd0e87d3cce5d37d90d372e8892b2a98c5eda8e67ca727 | Triage

Sharing

General

Target

2024-04-24_fd09d779314b96903f5e3ff6c27ce8d5_magniber
Size

13.4MB
Sample

240424-qt8vysag7x
MD5

fd09d779314b96903f5e3ff6c27ce8d5
SHA1

8edf0094f78382493b299992ab2d626e1abbf4c8
SHA256

af14faa83ef43be891fd0e87d3cce5d37d90d372e8892b2a98c5eda8e67ca727
SHA512

454854085073a214fd0642b786e4918aae9674e197a4dc1185de45b3bc31342d8f426a7ee2060cfb563c5daec4cec61a46058cc9be2d18040615f85aba5d530a
SSDEEP

196608:dYAgzUvRdvzUGZkof8M3hBiIEo0LMkxa3VFVUPRE7Yrwr1rXrrr/rirur/rTrXrv:ZPvzfvf8MviIEooMsa3WM

Score

10^/10

lumma persistence stealer

Malware Config

Extracted

Family

lumma

C2

https://palmeventeryjusk.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://bordersoarmanusjuw.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Targets

- Target
  
  2024-04-24_fd09d779314b96903f5e3ff6c27ce8d5_magniber
- Size
  
  13.4MB
- MD5
  
  fd09d779314b96903f5e3ff6c27ce8d5
- SHA1
  
  8edf0094f78382493b299992ab2d626e1abbf4c8
- SHA256
  
  af14faa83ef43be891fd0e87d3cce5d37d90d372e8892b2a98c5eda8e67ca727
- SHA512
  
  454854085073a214fd0642b786e4918aae9674e197a4dc1185de45b3bc31342d8f426a7ee2060cfb563c5daec4cec61a46058cc9be2d18040615f85aba5d530a
- SSDEEP
  
  196608:dYAgzUvRdvzUGZkof8M3hBiIEo0LMkxa3VFVUPRE7Yrwr1rXrrr/rirur/rTrXrv:ZPvzfvf8MviIEooMsa3WM
Score

10^/10

lumma persistence stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummapersistencestealer