lumma | f1933e4699c9f2510872a354a19bd7c78511617139263e13f785fd99ec9265a0

General

Target

gitsoft_v1.21.zip
Size

7.7MB
Sample

240805-ps182szdng
MD5

6f1e4a3f085c648facec1e873fef555c
SHA1

f3228d5da4dd83473226dc8503bf6bd54efed449
SHA256

f1933e4699c9f2510872a354a19bd7c78511617139263e13f785fd99ec9265a0
SHA512

237d6e4dc857ccf559ad1bfab6488e48dec03be874812c181a0e479d5713f2c03601868e15e9ba8dcd4c59cbef339f8de6cd6828ec59e592a949fc72c2e9acb0
SSDEEP

196608:W/0EsZ/YFUsFy9YaHhLxabulPbzEHiQ2bhyVBCLLIv0ATIH:WbsNYFS9hHheSP0Cxhq/0WIH

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://toughsnxcmxz.shop/api

https://empiredzmwnx.shop/api

https://boattyownerwrv.shop/api

https://rainbowmynsjn.shop/api

https://definitonizmnx.shop/api

https://creepydxzoxmj.shop/api

https://budgetttysnzm.shop/api

https://chippyfroggsyhz.shop/api

https://assumedtribsosp.shop/api

Extracted

Family

lumma

C2

https://toughsnxcmxz.shop/api

https://empiredzmwnx.shop/api

https://boattyownerwrv.shop/api

https://rainbowmynsjn.shop/api

https://definitonizmnx.shop/api

https://creepydxzoxmj.shop/api

https://budgetttysnzm.shop/api

https://chippyfroggsyhz.shop/api

https://assumedtribsosp.shop/api

https://tenntysjuxmz.shop/api

Targets

- Target
  
  Setup/D3dx9_41.dll
- Size
  
  4.7MB
- MD5
  
  397cb6132f9632189d6f2b3bc9bb2b04
- SHA1
  
  f7113885294e61f21e6021f6f3a50bb0eb60b0a6
- SHA256
  
  a34174c9e4bbeb8b8592221e4e0fbf273e008c475875b5a4af45f5266ed58373
- SHA512
  
  0e5bcf302a6dbb76cfb7e00476d41367851df9b42e2f9b0c821fd6db018fda30a2b405026d52a7677af65d35ddc4405260c1bd9eb47c22154b23f77be56dd336
- SSDEEP
  
  6144:jQfN8PRtFlJntIkeUXpWeqQ0c4nr+O12Agvtt1tG5P0M3eFBXUuZLf0W/vouIs3w:1LheqpwQZOqvM1TKPr
Score

1^/10
behavioral1 behavioral2
- Target
  
  Setup/Setup_v1.21.exe
- Size
  
  11.6MB
- MD5
  
  84fec92a91c0fa4ad009d0f1775876dc
- SHA1
  
  c405f905a6411020616332ab123967ae748b49ce
- SHA256
  
  6feefd5b62beff96d19b1860eabfb816ef06e2477642778967067ca45322648f
- SHA512
  
  19a43ac43165da520057a4a975e64b9591c8c7c206dcebc2332ba2440b30a56e000ffee133d9e90d14bcc478572b3b32babbecbcb7b2426bc7b3ae5b0b9a3a47
- SSDEEP
  
  98304:qbNumrNhEe4tjFezByb97GP7G6wENvCHDMjqgRbnfe/0M:Qf4tjFezByJ7GP7G6Jp0QP
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Setup/Shell64.dll
- Size
  
  5.9MB
- MD5
  
  6cc4f16086d2c40fb1c3119cfad11626
- SHA1
  
  99d16f2a2064db9606b56550d8c67e629e5b79ed
- SHA256
  
  976be1fa97db8707e14aa8a93c2b8e8762ae09eb225b457ef9ed0f219fdb3c00
- SHA512
  
  a1e1b629a23013063c9e7989d0ff12070bfd1d2f796e8a4fe80260d8071712d1bba12e1e8feb938f441774462d151bd4ef8d82c63b2732afa44e3ddaa65607d0
- SSDEEP
  
  12288:N4eloJM2aqvHcja5h3Y8YAdRAP72ObgUJ50EAHSH3hNF6D+fOO/2x2QRcpBndnmi:NphHNHhiehBxJx99HMeUG
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6