lumma | a3f2e3023e451956599f92984793cda204648692c84d30de7e4870bbc63b4ae0

Resubmissions

06-08-2024 04:47

240806-fewxqstfrb 10

06-08-2024 04:46

240806-fedq6azenp 10

06-08-2024 04:44

240806-fc8thszeln 10

05-08-2024 13:30

240805-qr3ads1elc 10

Sharing

Copy URL

Twitter E-mail

General

Target

Avira Advertising (extract.me).zip
Size

5.6MB
Sample

240805-qr3ads1elc
MD5

10000694d7ce74468b950efaf04f87ca
SHA1

45f2168d3fba64c522a8e0410d7d0db144785767
SHA256

a3f2e3023e451956599f92984793cda204648692c84d30de7e4870bbc63b4ae0
SHA512

e7fda1671bf9cbe07fc0039c39cb7c446ead44c4e265df787f3a62c5de0f6e2ed74738257c436d07b40007ed34a80391743ad9850be16066910175741571a29b
SSDEEP

98304:rFZb3phXDGsbosDQQEzfga52GHnkl4dkM2boo0sjnEtRB/udGjxFAsdP7SgzY8ah:rP3HTGNFLRb/o0YnCBUaFA8POgzYTpum

Score

10^/10

Malware Config

Extracted

Family

lumma

https://empiredzmwnx.shop/api

https://boattyownerwrv.shop/api

https://rainbowmynsjn.shop/api

https://definitonizmnx.shop/api

https://creepydxzoxmj.shop/api

https://budgetttysnzm.shop/api

https://chippyfroggsyhz.shop/api

https://assumedtribsosp.shop/api

Extracted

Family

lumma

https://empiredzmwnx.shop/api

https://boattyownerwrv.shop/api

https://rainbowmynsjn.shop/api

https://definitonizmnx.shop/api

https://creepydxzoxmj.shop/api

https://budgetttysnzm.shop/api

https://chippyfroggsyhz.shop/api

https://assumedtribsosp.shop/api

https://tenntysjuxmz.shop/api

Targets

- Target
  
  Avira Advertising/payment and key.exe
- Size
  
  4.2MB
- MD5
  
  ad433332d168ed1555d260e6b149e2fe
- SHA1
  
  beb4d3f2d7a8d2b4b194e7c123477010ea1a6baa
- SHA256
  
  7232ec3f17f009b1d24f7383d32a4b499288b000d5738758da0035252953e409
- SHA512
  
  bc4bd97db41debe9615d33a31b852f44c89b6ac43104241427f7ed742e771cc2ce590c583859e5368f2fd1e4c1b4ae57827a90ba1c095c76f0f2bc04857d8d92
- SSDEEP
  
  24576:h5yHx5/mc9iNTGYARvoqY6nNdcDMdvnLD4WlYrRkcXV7G4OVnw0cLOV:hIxcS8AY6nILfr
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2