lumma | 35760704fdaef694cf129c2cf70d6edbe87adca57ce2073eeba6b39e97f4c5fe | Triage

Resubmissions

05/08/2024, 10:44

240805-mtardaxfnh 10

05/08/2024, 10:39

240805-mp375atekp 10

05/08/2024, 10:24

240805-mfcc2stbqn 10

Sharing

General

Target

InjectorSOFTWARE.zip
Size

18.4MB
Sample

240805-mp375atekp
MD5

4087fb773df09b91e226c59bd9e400ca
SHA1

40680eee9d47ffa93b7c10cf4b9cd71038ff81c5
SHA256

35760704fdaef694cf129c2cf70d6edbe87adca57ce2073eeba6b39e97f4c5fe
SHA512

e67eaf7cfa49f0ff487f9762ecfea1930394e68232cbe9dc9c0924d3d8ecdbc522e6c210270f90ca19b0aff36b5449b8b5d63ffd416d95b48ebed91be8d5357a
SSDEEP

393216:r9qRuxNxl69OXuniRll7a08I7/3asKn1RtrbSZJZwP0M:ZtNxKOOixoxsSbSVwP0M

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://clouddycuiomsnz.shop/api

https://empiredzmwnx.shop/api

https://boattyownerwrv.shop/api

https://rainbowmynsjn.shop/api

https://definitonizmnx.shop/api

https://creepydxzoxmj.shop/api

https://budgetttysnzm.shop/api

https://chippyfroggsyhz.shop/api

https://assumedtribsosp.shop/api

https://whimiscallysmmzn.shop/api

https://applyzxcksdia.shop/api

https://replacedoxcjzp.shop/api

https://declaredczxi.shop/api

https://catchddkxozvp.shop/api

https://arriveoxpzxo.shop/api

https://contemplateodszsv.shop/api

https://bindceasdiwozx.shop/api

https://conformfucdioz.shop/api

Extracted

Family

lumma

C2

https://clouddycuiomsnz.shop/api

https://empiredzmwnx.shop/api

https://boattyownerwrv.shop/api

https://rainbowmynsjn.shop/api

https://definitonizmnx.shop/api

https://creepydxzoxmj.shop/api

https://budgetttysnzm.shop/api

https://chippyfroggsyhz.shop/api

https://assumedtribsosp.shop/api

https://tenntysjuxmz.shop/api

https://whimiscallysmmzn.shop/api

Targets

- Target
  
  InjectorSOFTWARE.zip
- Size
  
  18.4MB
- MD5
  
  4087fb773df09b91e226c59bd9e400ca
- SHA1
  
  40680eee9d47ffa93b7c10cf4b9cd71038ff81c5
- SHA256
  
  35760704fdaef694cf129c2cf70d6edbe87adca57ce2073eeba6b39e97f4c5fe
- SHA512
  
  e67eaf7cfa49f0ff487f9762ecfea1930394e68232cbe9dc9c0924d3d8ecdbc522e6c210270f90ca19b0aff36b5449b8b5d63ffd416d95b48ebed91be8d5357a
- SSDEEP
  
  393216:r9qRuxNxl69OXuniRll7a08I7/3asKn1RtrbSZJZwP0M:ZtNxKOOixoxsSbSVwP0M
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer