lumma | 6c2a40998028849e7f033918065886102be34e9674e17c7d9db6f3877bc85a9c

Sharing

Copy URL

Twitter E-mail

General

Target

installer_v1.3.7.7z
Size

24.9MB
Sample

240425-svbmysca2t
MD5

8059cdf426007a7da34b044decaed17c
SHA1

a298c596cc09b1b727be9afc4d19034551347073
SHA256

6c2a40998028849e7f033918065886102be34e9674e17c7d9db6f3877bc85a9c
SHA512

69cbdd5c38683a37e14491373dafdea7740240f95bd02576d4d27c28597e71116f5ab2804d86ac3c7d6b56ae47147566d5e0aa3184250044f159093ae837e26f
SSDEEP

786432:GfRHg9kbNcy6Nk8l+P0L19zRF9Xump42WvR:qRHJbmxNRl+cLzzRF5pM

Score

10^/10

Malware Config

Extracted

Family

lumma

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  1.2MB
- MD5
  
  0edc62a65d1081dc5d7b85b678ab57a5
- SHA1
  
  1e1448bcce4f519920f50e12cbe27b79418036b3
- SHA256
  
  3ea65c50a29c3ae43f9bd78041b110785429a768b3e006da768baaf12f327b63
- SHA512
  
  4ab96c86203104d741c166f1980b04a5e74c1e294b676c4dccaee9eca5308ea729099d7dbfea605b5037181c57c4f870fe0b3ff5008b4f8b2b60ed0f95cc1db2
- SSDEEP
  
  24576:0g16H28pon7yhsS6RUOviFG7IrCJ366q1FP3fkTV:0O0on7yhsS6RUFUDRVskTV
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  data/Engine.dll
- Size
  
  9.7MB
- MD5
  
  981021d0a827344dd8ae30a5c17dddcd
- SHA1
  
  5903cb8fbd21122204ccca5f7a9fafb0321d82a7
- SHA256
  
  da7a7b458bc36737eda2c3f46a3695eadae083165b5f148d681178d06db57275
- SHA512
  
  8ea9cfbe52887560d139b5489016a29f21bbf10f374b1c8baa1985c76c9ca75c1efa1dfb5a2b4ea2d7b5f95e62555daddb60da43da5d7cae929f3b8a77faedd7
- SSDEEP
  
  196608:1Qvv99NGfRoG2BaCZf2AEhsza67TlBe8jEQN6BXraZOdgMU+qc0KM/:aboAgauA0sBv9jBmrTRZrM/
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2
- Target
  
  iconengines/qsvgicon.dll
- Size
  
  37KB
- MD5
  
  90bb882a4b5e3427f328259530aa1b3b
- SHA1
  
  a4059f0c105f4e2abe84efc4a48fa676171f37c5
- SHA256
  
  b2b420aa1805d8b5dc15ccb74dd664d10bd6ba422743f5043a557a701c8a1778
- SHA512
  
  a486280bba42d6c2d8b5ca0a0191b6b29067e1c120f85dbff709a4a42c61d925804915f93f815f56c9ca06ea9f8b89de0e692776524d28d81e29ef1c75501db8
- SSDEEP
  
  768:ps7Ss9mMa0qnobGobEng53IdR4rXDd/+Hb0RPNRuBNJOqUVyvC:s95aoZEgGdu7Dd/YbOPybJ/XC
Score

1^/10
behavioral3
- Target
  
  keygen/mit.dll
- Size
  
  1.1MB
- MD5
  
  67130d64a3c2b4b792c4f5f955b37287
- SHA1
  
  6f6cae2a74f7e7b0f18b93367821f7b802b3e6cf
- SHA256
  
  7581f48b16bd9c959491730e19687656f045afbab59222c0baba52b25d1055be
- SHA512
  
  d88c26ec059ad324082c4f654786a3a45ecf9561a522c8ec80905548ad1693075f0ffc93079f0ef94614c95a3ac6bbf59c8516018c71b2e59ec1320ba2b99645
- SSDEEP
  
  24576:CBULPHc9UKJayhv6uaDGXcRY0Pt4eY/qL6I4tPxVCBfe6w:L09UpyuDMaoHI4tPxV56w
Score

1^/10
behavioral4
- Target
  
  libEGL.dll
- Size
  
  18KB
- MD5
  
  379358b4cd4b60137c0807f327531987
- SHA1
  
  b0a5f6e3dcd0dbc94726f16ed55d2461d1737b59
- SHA256
  
  0ff1d03926f5d9c01d02fae5c5e1f018a87d7f90a1826de47277530bfc7776f8
- SHA512
  
  097c08135d654596a19ada814ad360a8c2374d989cbd7094c6acb092e9854abf1f1d878d3da72b66c4c75806586bee7fe04d555a1d82db170725bdbeadea7d50
- SSDEEP
  
  384:rLyPunoshzdtnbuH0aXOk0GfZh5g+zCxU:rLy7s5dJuHHOqhyy
Score

1^/10
behavioral5
- Target
  
  libGLESV2.dll
- Size
  
  1.5MB
- MD5
  
  aebbd25609c3f1d16809c02f12e99896
- SHA1
  
  7675d0f61062490b8c7043a66a8d88d5d147f7a9
- SHA256
  
  6765d163fae52331dfdcccab371c9b8b5cd0915bfdb14bbf2ca5d3f42bb29f4c
- SHA512
  
  a441ae0fe98ae39ed7fd1feb410bcac3aba9179242c62166190926588b97e11f0a3442d0619c6a2f6070e336a82d7fcabeb89461ff15fe878da13f2a57710f87
- SSDEEP
  
  24576:IGyEmXb3NBT+BZDQnVjDuBy8aTnilzT8QreNdJU8GAeZRyRWh:I8mr3OaDVXnilcQreNdJU8GOWh
Score

1^/10
behavioral6
- Target
  
  libeay32.dll
- Size
  
  1.1MB
- MD5
  
  67130d64a3c2b4b792c4f5f955b37287
- SHA1
  
  6f6cae2a74f7e7b0f18b93367821f7b802b3e6cf
- SHA256
  
  7581f48b16bd9c959491730e19687656f045afbab59222c0baba52b25d1055be
- SHA512
  
  d88c26ec059ad324082c4f654786a3a45ecf9561a522c8ec80905548ad1693075f0ffc93079f0ef94614c95a3ac6bbf59c8516018c71b2e59ec1320ba2b99645
- SSDEEP
  
  24576:CBULPHc9UKJayhv6uaDGXcRY0Pt4eY/qL6I4tPxVCBfe6w:L09UpyuDMaoHI4tPxV56w
Score

1^/10
behavioral7
- Target
  
  license/backupkey.dll
- Size
  
  10.5MB
- MD5
  
  4d5e157915e455cc18b2c3cbd0f8ce88
- SHA1
  
  7b33623c290ab2c26db25d7fdeebc9c1c710faa8
- SHA256
  
  514bb83e65b9124e1b3a99fd69b3f3d1bf1767a5351ad16286839bb305d1256e
- SHA512
  
  f7c27529a6d73bc2dbc9b699fe1283d30788f2f3a6546375c7144d789933503814350342fc9e8fa3b1f8c43b5563540658be35946aeae2c86b3034d941f5cfc1
- SSDEEP
  
  196608:2qqsnKH3AtgzhtQWzVlPsRwg1wRsTh6LdAMI4vvvvV:QMtgzhtZzVlPsRwg1wRCU
Score

1^/10
behavioral8
- Target
  
  license/genkey.dll
- Size
  
  19.7MB
- MD5
  
  91bbf94eb4493d7da15f237143c720cd
- SHA1
  
  711940e07b1de1813aaba31e2507aaa89503f1fe
- SHA256
  
  4be9f9449603808bebcaded59bc562fd82425c95c3907d624ab91231316ab6d3
- SHA512
  
  f4514c73e7bcaf414e2ab131faad7fae4a2e812de8e653017beb5b4c81187949d070173b63386fae0faed39fcfc155eeba15ee6c88c73ef331043cf5c6aa87f9
- SSDEEP
  
  393216:xtmKYez8e1VdIN/v0WHEbq0jLi+DOANGnDxZpO74d+p5FfPv:xAKre0WmRNzf
Score

3^/10
behavioral9
- Target
  
  platforms/win32.dll
- Size
  
  123KB
- MD5
  
  5d25e492836df0ae8b869ef9077f1ca8
- SHA1
  
  68a50b52caaa89ba04f2f6617c9c3bf18e7f8ac1
- SHA256
  
  c05047a341742504f8312a0b274c19fbdcf0bfd37f76ae2277491ab8b2297a5c
- SHA512
  
  fc107e0b95ca7095f0fcc94d26ed1ffbc9bce74063edc8f12104e68b52da6c73b8d72c1cdb81535a135ac849ccef5fd69a2004fa2ecf6dd41a0f8658f2bd6830
- SSDEEP
  
  3072:YfLOXurSBlfHfG2N1X5S4RvSCzdPV0VXkjf5l:aElt3SsDdPVLjf5
Score

1^/10
behavioral10
- Target
  
  platforms/win64.dll
- Size
  
  1005KB
- MD5
  
  be068132ece3f794f09c9d6b5ba20b91
- SHA1
  
  859599fa72d128e33db6fe99ba95a8b63b15cc89
- SHA256
  
  59dcecb111aa15159414819f4f522e7f90597939cab572b982beebee5dc0efdf
- SHA512
  
  13829ae9b7bd0cba95800075b24570f3c70a6c4b3d4b3c4da76b0077e37c75194e929d8d56a2db69e22a319ba5077d188a6f3baedd1f69f79979717d6f6d1b6f
- SSDEEP
  
  24576:CIqDMndk36C66mKncbHaxw5XaO7eN2ZNLY:pm4Wm6NcDaaNLY
Score

1^/10
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Suspicious use of SetThreadContext

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Identifies Wine through registry keys

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11