lumma | 1dd1d95832125dfb8f2a472d5394f6d3943f55e1cd53de38b2e21335c22cb0f5

General

Target

Setup.exe
Size

17.0MB
Sample

240727-2k8pdavhpe
MD5

39b6666813ca7dec9a5badc3f260d61e
SHA1

0225465060612c872b76d15a66d817692d5d3141
SHA256

1dd1d95832125dfb8f2a472d5394f6d3943f55e1cd53de38b2e21335c22cb0f5
SHA512

9852d4d3120fd23641104fa9e9fca936ff313c948e9d144343f32d6ba58897dec6dda8a49501e0d3a2363347aa5e6ea7e824f5c6f8ab68c3bb8af994cfbc52a5
SSDEEP

98304:KOR0QzG1Fv+ysIhnQKzgGf4fo+jC9DSp/F1vjrWLeJH9BAx68xFnxS8R:KOwFnJUC9DSpNdy6V8xFnxTR

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://pallmusksopzm.shop/api

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://stimultaionsppzv.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Extracted

Family

lumma

C2

https://pallmusksopzm.shop/api

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://stimultaionsppzv.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  17.0MB
- MD5
  
  39b6666813ca7dec9a5badc3f260d61e
- SHA1
  
  0225465060612c872b76d15a66d817692d5d3141
- SHA256
  
  1dd1d95832125dfb8f2a472d5394f6d3943f55e1cd53de38b2e21335c22cb0f5
- SHA512
  
  9852d4d3120fd23641104fa9e9fca936ff313c948e9d144343f32d6ba58897dec6dda8a49501e0d3a2363347aa5e6ea7e824f5c6f8ab68c3bb8af994cfbc52a5
- SSDEEP
  
  98304:KOR0QzG1Fv+ysIhnQKzgGf4fo+jC9DSp/F1vjrWLeJH9BAx68xFnxS8R:KOwFnJUC9DSpNdy6V8xFnxTR
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4