General

  • Target

    196b9c8e00d11c72d276a4b9654dd3f5.exe

  • Size

    6.3MB

  • Sample

    240801-jvevyazfpm

  • MD5

    196b9c8e00d11c72d276a4b9654dd3f5

  • SHA1

    c2451b97efe9692f88d1780e65b8d50af3ac8691

  • SHA256

    2083c6d2ab049f21c15cf93b454b833f25d5d3aad20357f5e2488cfb838b13f5

  • SHA512

    2d8a2da0074028885f6fd3501a553848806c04a695fae97326e8f74f32d978b360d09eb4a7290bdce3edb4883c431d64607e6831cce81a611d910723b1891239

  • SSDEEP

    98304:6qwtqwQR4XsSjvdnspWEs+hqh+3EtEXA227QpFZd182H4eDP9IIWwILk:6qwtqw/skCWERUh+3EKXAVKo2HzLWwIw

Malware Config

Extracted

Family

lumma

C2

https://demandlinzei.shop/api

https://applyzxcksdia.shop/api

https://replacedoxcjzp.shop/api

https://declaredczxi.shop/api

https://catchddkxozvp.shop/api

https://arriveoxpzxo.shop/api

https://contemplateodszsv.shop/api

https://bindceasdiwozx.shop/api

https://conformfucdioz.shop/api

Extracted

Family

lumma

C2

https://demandlinzei.shop/api

https://applyzxcksdia.shop/api

Targets

    • Target

      196b9c8e00d11c72d276a4b9654dd3f5.exe

    • Size

      6.3MB

    • MD5

      196b9c8e00d11c72d276a4b9654dd3f5

    • SHA1

      c2451b97efe9692f88d1780e65b8d50af3ac8691

    • SHA256

      2083c6d2ab049f21c15cf93b454b833f25d5d3aad20357f5e2488cfb838b13f5

    • SHA512

      2d8a2da0074028885f6fd3501a553848806c04a695fae97326e8f74f32d978b360d09eb4a7290bdce3edb4883c431d64607e6831cce81a611d910723b1891239

    • SSDEEP

      98304:6qwtqwQR4XsSjvdnspWEs+hqh+3EtEXA227QpFZd182H4eDP9IIWwILk:6qwtqw/skCWERUh+3EKXAVKo2HzLWwIw

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Enterprise v15

Tasks