lumma | aa1084513e11d4835540d3372a0de70b3c00ca129f85e6b7058ecb034b36048d

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.rar
Size

12.5MB
Sample

240607-sx3jfsbe25
MD5

a49942af62155ae22d743f6fca751f3d
SHA1

ee84ef0dca9e2544c130dda86ca25f57624b9628
SHA256

aa1084513e11d4835540d3372a0de70b3c00ca129f85e6b7058ecb034b36048d
SHA512

ed3ffff3896fd524f73109f05bb2afe2d5bdac6740fcc5c680be4a4bd28e0a5d6143a029ce8517b50df99e5195c58f9278fd64b47803c2fc4d8283bd6c1e8424
SSDEEP

196608:0e15AjlgRNNsnLIUN5/+anisEuSf/zcfRKchPf/q2dORRliOuzoTCQS:BuPLIq96uSnshf/vOYOu7

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://distincttangyflippan.shop/api

https://macabrecondfucews.shop/api

https://greentastellesqwm.shop/api

https://stickyyummyskiwffe.shop/api

https://sturdyregularrmsnhw.shop/api

https://lamentablegapingkwaq.shop/api

https://innerverdanytiresw.shop/api

https://standingcomperewhitwo.shop/api

Targets

- Target
  
  Cracker.dll
- Size
  
  56KB
- MD5
  
  404aacc737a9d30147d30cee6be0abba
- SHA1
  
  5f49b9197d73b53eb3473c80a6f25dc068421baf
- SHA256
  
  3eec59d6aa2a45e368b99d09bcedf228290656a88de8a09ccc91867ab71f228c
- SHA512
  
  eb3716304571727d3134da4da46c5c91276afa20f5da26f2b89cc0cdc19f98592322b5e85fdc6a36e51636298ffac456a9057ed7d10c17e4955c4307cb933f20
- SSDEEP
  
  384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1a+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56v/+G0a
Score

8^/10
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Data/Packaged/Resource.dll
- Size
  
  189B
- MD5
  
  4427aeee68321d0f4d7befa74e669f83
- SHA1
  
  4670003762a1c217c9e8ea48fcc53f2871a7c341
- SHA256
  
  a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
- SHA512
  
  9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score

1^/10
behavioral3 behavioral4
- Target
  
  Resource.dll
- Size
  
  10.7MB
- MD5
  
  641dadbb3f03938da99bf7c6c4cc482f
- SHA1
  
  b21bdb69a17642ade8e62fcbd779ff1bc89ea809
- SHA256
  
  883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
- SHA512
  
  7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
- SSDEEP
  
  196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
Score

1^/10
behavioral5 behavioral6
- Target
  
  Setup.exe
- Size
  
  608KB
- MD5
  
  11be050f771a4b60d731464f6db5479d
- SHA1
  
  e273ebbb5d8aeea9e1e2c5df76da22e40f4231fd
- SHA256
  
  8d529fe1e7238d741ffe62357dfbf632beb869b7954900d96133cdc290f06790
- SHA512
  
  9678b5563cf5e7f33b16439768207665c9ef0599dc978ab9cd5b37afe1ddf580c462f7f23ee908b504568e42d11d05d41d3a249161dd08616aaf5e051e8f8455
- SSDEEP
  
  12288:KCSAVVhuBjUgpVRbX+zPudU8rOGmrsdlipcjgYPrKYlQcN1m6wif7sY4+QumXGPd:KCSA1uqgzRz+zPIU8r10P
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  libGLESv2.dll
- Size
  
  5.8MB
- MD5
  
  fa36a0ac7e17ed74f89ab26e87bca822
- SHA1
  
  494e1dba754233be49507800046cd464b7a95df0
- SHA256
  
  9288b00918210aba7bfb178aad65cb8b78f3704d346b3b9c3c28782aaa5b22cb
- SHA512
  
  657ef09896e6f23b995a80829799418cff93ff279899f5c443b01d05b391f3b30ae87a24e6830e3c1baa0dc45ac31df0f827d9757508cf52c840760109aae5ca
- SSDEEP
  
  49152:/pQCuPTkVllbkLWjnUsPgb07Qk4kX5RK6M4LQJ1jBpWs8JB0hXGDew3fGwuIiJ/D:xQCSwAsgXjpWs8ZJBl/
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Lumma Stealer

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10