lumma | df0c393f7d41e7f36bae4cdf5f63869c1c0b7fe7c567c2844c5da88906dc7e3e

General

Target

df0c393f7d41e7f36bae4cdf5f63869c1c0b7fe7c567c2844c5da88906dc7e3e
Size

2.1MB
Sample

240608-ecw92sgf2y
MD5

a1ad46e02818ee49a291ddd29f09f216
SHA1

69212dce9518f612922ac5fe638832b8a67385d2
SHA256

df0c393f7d41e7f36bae4cdf5f63869c1c0b7fe7c567c2844c5da88906dc7e3e
SHA512

af0c36d46b2e83c8e51a2db023fca75effe780d1506b0082811c20f4a8e40df74bae339a0b6c2e12dbd24d4333e5614131bc8942c0b266d6de2cc16fc0431a2b
SSDEEP

49152:1Djlabwz9iDjlabwz9+HjAr6EwEVulQgsXd4WfLW+ZrZznYR:Zqwwqw7rmEVulQgYxDPZzYR

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

C2

https://greetclassifytalk.shop/api

https://distincttangyflippan.shop/api

https://macabrecondfucews.shop/api

https://greentastellesqwm.shop/api

https://stickyyummyskiwffe.shop/api

https://sturdyregularrmsnhw.shop/api

https://lamentablegapingkwaq.shop/api

https://innerverdanytiresw.shop/api

https://standingcomperewhitwo.shop/api

Targets

- Target
  
  df0c393f7d41e7f36bae4cdf5f63869c1c0b7fe7c567c2844c5da88906dc7e3e
- Size
  
  2.1MB
- MD5
  
  a1ad46e02818ee49a291ddd29f09f216
- SHA1
  
  69212dce9518f612922ac5fe638832b8a67385d2
- SHA256
  
  df0c393f7d41e7f36bae4cdf5f63869c1c0b7fe7c567c2844c5da88906dc7e3e
- SHA512
  
  af0c36d46b2e83c8e51a2db023fca75effe780d1506b0082811c20f4a8e40df74bae339a0b6c2e12dbd24d4333e5614131bc8942c0b266d6de2cc16fc0431a2b
- SSDEEP
  
  49152:1Djlabwz9iDjlabwz9+HjAr6EwEVulQgsXd4WfLW+ZrZznYR:Zqwwqw7rmEVulQgYxDPZzYR
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Checks computer location settings

Executes dropped EXE

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2