lumma | ca2b787bb72f0bd9d79013aa93800bfd84c73aad74662c48e69425e4adfb549b

General

Target

data.zip
Size

7.0MB
Sample

240611-wzv4yawerg
MD5

665d5cb8bf03ea4637f8a1eb891237cc
SHA1

4d290fd2e61cc68d77511ca7dd31671b019c795b
SHA256

ca2b787bb72f0bd9d79013aa93800bfd84c73aad74662c48e69425e4adfb549b
SHA512

f4ac9d244f829db32a100d3f7728989120506972df79ac1b9f4996aa7ce68b04a1939aa54702b8b9b36469301b4cd6386871be1ab79d7a1528f4da251899f900
SSDEEP

196608:P5BbYhk9QG+Obzpmg96OMh+v31oYOhevg:PnUhNtid996OPoYOqg

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

C2

https://secretiveonnicuw.shop/api

https://liabiliytshareodlkv.shop/api

https://notoriousdcellkw.shop/api

https://conferencefreckewl.shop/api

https://flourhishdiscovrw.shop/api

https://landdumpycolorwskfw.shop/api

https://ohfantasyproclaiwlo.shop/api

https://parallelmercywksoffw.shop/api

https://barebrilliancedkoso.shop/api

Targets

- Target
  
  hv.exe
- Size
  
  8.7MB
- MD5
  
  480f8cf600f5509595b8418c6534caf2
- SHA1
  
  dc13258ebb83bdf956523d751f67e29d6e4cf77e
- SHA256
  
  6d8905ec0b1dfdc0a10d1cce40714ddd73205a09ad390b933ddbecdcf06a4cf2
- SHA512
  
  f0bd99f68d59e80538fb276945d0f383394cb94a35c6d12ebd3e87061222249f78b9ca75716b33e36b66842b97c71149612111fcb6a8a3bc3a97635b03934aaf
- SSDEEP
  
  196608:Ywdj1UbkCchr3rlFE8GCWhKUzGZ3gRTFHnBz58//o:Yw91Ubkxhr3rlFHWhKUzGZ3gRTFhzi/o
Score

10^/10

lumma stealer
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  iepdf32.dll
- Size
  
  4.3MB
- MD5
  
  f3f6876d132eb277842e31ddc42aa7fa
- SHA1
  
  9c167a2854ed106b74dff55a30bdefc55b140e9a
- SHA256
  
  4ba2ddde8a4549d08bfe4441643aa626e84d7653b8ddc6ed61823e78aeb3cdf1
- SHA512
  
  38b86c745945b0f97461542f89b2570210ddc3fcfeabfe2243a3b861dd80be6641e4b4181956d73926b7926d7c460db8a908ccb912c5209003ee24427aa135f9
- SSDEEP
  
  98304:lszKnK7RZKZk8AZ1uWhgTsOTbUW5gmTKuCIUePaFownQCICDQ9:dRZkB1WPgmXPa+CICDA
Score

3^/10
behavioral3 behavioral4
- Target
  
  shovelnose.deb
- Size
  
  827KB
- MD5
  
  90b47672d8134f8cc464d83a5cde8d34
- SHA1
  
  69567e6a2dd5569b8cd2876a275f5d9a2ad8743f
- SHA256
  
  cc38b5cb522fdf8d2fe5e85c50d72e1b8ac39d36deb157d4bffdda7970c5ba8b
- SHA512
  
  7dbeb8d4a5674c088fa904a9fdcddf9cb84d41b2d2c887ba38cfcdd1ac30cf4cd8ae28bc33fc3ee51139e78645f7fb580dfaf57e939c4e144b79d507a1d1d90b
- SSDEEP
  
  12288:WvQVCaTVXT7qj+VOdVqL5Tu/eNwZWNtexC5RAib9wxbQiDm1Yu:S+y+sVqL5TwebNRAibyxbQqu
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6