lumma | ab6b30a965dd3df9d0160b13a2ad8be1616060951b2cc5b9338a86aa98ba793b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab6b30a965dd3df9d0160b13a2ad8be1616060951b2cc5b9338a86aa98ba793b
Size

2.6MB
Sample

240531-fg5bwsff41
MD5

305e09583ac8c51428790ece8057a1b6
SHA1

b39640f4229d0b550b1c8517f8a2a491758f3b8d
SHA256

ab6b30a965dd3df9d0160b13a2ad8be1616060951b2cc5b9338a86aa98ba793b
SHA512

b19058e7158d19635360cd214efa41b5d7e3444cc57f34e7f03a0c690025d36ab9d29af98a5e25ad1ad6299061fbba06c7aa49a5d094a07487e65e3eece33cfa
SSDEEP

49152:s4+3GG9VXr9woH38YLMFBomt4mPvrBBy8bKcD2k5YZ6WiPVkze3LwuP3zFm/QgS1:s4+VhwI3eCQBBvBD2k5YZ6W46e3LwuPn

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

C2

https://considerrycurrentyws.shop/api

https://horsedwollfedrwos.shop/api

https://patternapplauderw.shop/api

https://understanndtytonyguw.shop/api

https://messtimetabledkolvk.shop/api

https://detailbaconroollyws.shop/api

https://deprivedrinkyfaiir.shop/api

https://relaxtionflouwerwi.shop/api

Targets

- Target
  
  721cc82cdd452ec3d79ed556e002ed67d122b384f0eaa09809b389c3fa88b491.exe
- Size
  
  9.5MB
- MD5
  
  92a37ff5181652c90127a6b0dac3d698
- SHA1
  
  4efc3a86cb4b84d4a91c7fe9454ac4de0ef0ba0a
- SHA256
  
  721cc82cdd452ec3d79ed556e002ed67d122b384f0eaa09809b389c3fa88b491
- SHA512
  
  053a3452301a9a44b1e3ad19952a6e6d2b4e5a049a8cc5ed7cf1f4f36e8d69ac06319b9415bb41065da782db56a20825f26c7851ce69517d0012cdd90679bb8f
- SSDEEP
  
  49152:yVNz/Cxy3i+Brb/T3vO90d7HjmAFd4A64nsfJbbw8nrCi7flLd5exyzApUYpUFKS:aB3i/b77t/exyztFKCzvfjE6yxW
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2