General

  • Target

    a33e6d41c9227949e34574d4bb9831db.exe

  • Size

    6.3MB

  • Sample

    240801-hdgsja1drc

  • MD5

    a33e6d41c9227949e34574d4bb9831db

  • SHA1

    b63abdb05496aae4e98fa97a50e7f68d4d789428

  • SHA256

    e9ce3ba16ae990857b4db0f1ba428bcb59871eea5096041154dd4f7a44128aba

  • SHA512

    f438c9d8cfc6aace0a9008d73d01922c3fd813ccc6ffac6c619352db74fb86870b20f9d748efd95898269bd62b9f839ec7503deca656c85f4a6942a4dc665a9d

  • SSDEEP

    196608:6qwHqw6JjbrddIaBxmUHbk9dO96zBKWn2cC:B3rHHbEOYzYI7C

Malware Config

Extracted

Family

lumma

C2

Targets

    • Target

      a33e6d41c9227949e34574d4bb9831db.exe

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++, first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks