lumma | 910ec7d764e93e5ffd27e4b623c445e1ab2b66efdd962aebb7f6913a21f3e030

Resubmissions

27/07/2024, 15:17

240727-sn5bpaycnf 10

27/07/2024, 15:03

240727-se5k4avdpm 10

27/07/2024, 14:34

240727-rxyd3atfjl 10

Sharing

Copy URL

Twitter E-mail

General

Target

~!!SetUp_KEY_9696_PAas$c0De!%!!.zip
Size

3.1MB
Sample

240727-se5k4avdpm
MD5

eade8ec3fb15be090a784517edac94cd
SHA1

8c30ab460a1e60efbaa94bc2123ba756678b6dd5
SHA256

910ec7d764e93e5ffd27e4b623c445e1ab2b66efdd962aebb7f6913a21f3e030
SHA512

92a9ecc566e84172fc38742c0f73f9b9f1b9cd63db1910da82e529f1c61bec357e76746fc01938b64fd8bcbd93cc49cb56c13a04520f4b373f1abe6f942a5e00
SSDEEP

49152:DWFfIQoUex85paSmkQmzfQ/x54yi53m+N/7Lv7dqmWgRhsfscmYR95FE4bYg85nY:DAfIQde0Zzxyi53NpgmWHfs1YRv8sHJ

Score

10^/10

Malware Config

Extracted

Family

lumma

https://markerryshewi.shop/api

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://stimultaionsppzv.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Extracted

Family

lumma

https://markerryshewi.shop/api

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://stimultaionsppzv.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Targets

- Target
  
  ~!!SetUp_KEY_9696_PAas$c0De!%!!.zip
- Size
  
  3.1MB
- MD5
  
  eade8ec3fb15be090a784517edac94cd
- SHA1
  
  8c30ab460a1e60efbaa94bc2123ba756678b6dd5
- SHA256
  
  910ec7d764e93e5ffd27e4b623c445e1ab2b66efdd962aebb7f6913a21f3e030
- SHA512
  
  92a9ecc566e84172fc38742c0f73f9b9f1b9cd63db1910da82e529f1c61bec357e76746fc01938b64fd8bcbd93cc49cb56c13a04520f4b373f1abe6f942a5e00
- SSDEEP
  
  49152:DWFfIQoUex85paSmkQmzfQ/x54yi53m+N/7Lv7dqmWgRhsfscmYR95FE4bYg85nY:DAfIQde0Zzxyi53NpgmWHfs1YRv8sHJ
Score

10^/10

lumma defense_evasion discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- System Binary Proxy Execution: Verclsid
  Adversaries may abuse Verclsid to proxy execution of malicious code.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

System Binary Proxy Execution

T1218

Verclsid

T1218.012

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Executes dropped EXE

Loads dropped DLL

System Binary Proxy Execution: Verclsid

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3