lumma | 0b42eeb661e4cf8635ef4205a17073a5ea97143dcf042579540fd9d1a225bd4d

General

Target

Codex.rar
Size

15.6MB
Sample

240426-pxk3mabh79
MD5

afe31fd838fae3a3f3fb46bc6875b8bc
SHA1

10923315babb259fbe8218d9a7945f71fef0ed6b
SHA256

0b42eeb661e4cf8635ef4205a17073a5ea97143dcf042579540fd9d1a225bd4d
SHA512

dc969f33e442dcfa63a806090d357b4310c75313a44bdbe4400bab6215e91a2f44da994fe736d15c12ad00d85d348d7356e6d27ef8da2043f615766bec1d152a
SSDEEP

393216:nnYQSVHxqK+caxy4zhzp+cWU3LkGmlXJ4PcNamsCWxIt+YA:qVHxqK+Nzpb3ZWyPcfsCWStVA

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

C2

https://peanuearthflaxes.shop/api

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Targets

- Target
  
  Codex.rar
- Size
  
  15.6MB
- MD5
  
  afe31fd838fae3a3f3fb46bc6875b8bc
- SHA1
  
  10923315babb259fbe8218d9a7945f71fef0ed6b
- SHA256
  
  0b42eeb661e4cf8635ef4205a17073a5ea97143dcf042579540fd9d1a225bd4d
- SHA512
  
  dc969f33e442dcfa63a806090d357b4310c75313a44bdbe4400bab6215e91a2f44da994fe736d15c12ad00d85d348d7356e6d27ef8da2043f615766bec1d152a
- SSDEEP
  
  393216:nnYQSVHxqK+caxy4zhzp+cWU3LkGmlXJ4PcNamsCWxIt+YA:qVHxqK+Nzpb3ZWyPcfsCWStVA
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Checks computer location settings

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2