lumma | 190facd0c36960d06367b4bfda0f9c0c8bfcaaef353402ae32765520163c8f07

General

Target

The Setup Files.exe
Size

21.8MB
Sample

240508-gr2t7aec8w
MD5

8ceba6883eb8c0ab6bbc8c2411f44a88
SHA1

eb389cf495903bbccf7d8b3b211d8fea5a66e5f6
SHA256

190facd0c36960d06367b4bfda0f9c0c8bfcaaef353402ae32765520163c8f07
SHA512

f4f9b71f317446ef620bcc4de818b773efa8bdb6ab75723b6b921afe2fd63c285827fd87398ee7c9826a89c00e659d1c832767e3fd52f113387135ac86d32de0
SSDEEP

393216:EoXIMQSRcG4AQZgOYMPw/9Juq8f30vnS5gZdvnFM+77pxwYFHkHyA9n7SIwO:PpR2TZLIFQ3f3P5md/G+7fEH3jn

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

C2

https://penetratedworrsyw.shop/api

https://acceptabledcooeprs.shop/api

https://obsceneclassyjuwks.shop/api

https://zippyfinickysofwps.shop/api

https://miniaturefinerninewjs.shop/api

https://plaintediousidowsko.shop/api

https://sweetsquarediaslw.shop/api

https://holicisticscrarws.shop/api

https://boredimperissvieos.shop/api

Targets

- Target
  
  The Setup Files.exe
- Size
  
  21.8MB
- MD5
  
  8ceba6883eb8c0ab6bbc8c2411f44a88
- SHA1
  
  eb389cf495903bbccf7d8b3b211d8fea5a66e5f6
- SHA256
  
  190facd0c36960d06367b4bfda0f9c0c8bfcaaef353402ae32765520163c8f07
- SHA512
  
  f4f9b71f317446ef620bcc4de818b773efa8bdb6ab75723b6b921afe2fd63c285827fd87398ee7c9826a89c00e659d1c832767e3fd52f113387135ac86d32de0
- SSDEEP
  
  393216:EoXIMQSRcG4AQZgOYMPw/9Juq8f30vnS5gZdvnFM+77pxwYFHkHyA9n7SIwO:PpR2TZLIFQ3f3P5md/G+7fEH3jn
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2