lumma | fba4191436f3e31d46df52a899a20ab7cfddbc3d39c36daf496d87edcf39e469

General

Target

Solara_Executor.exe
Size

6.9MB
Sample

240805-waj1datarq
MD5

c164593ac5af309fb01b2e6dd0878b2d
SHA1

4fea75d5bf4e9d9f2aa2cd10ac37792123e9ecf8
SHA256

fba4191436f3e31d46df52a899a20ab7cfddbc3d39c36daf496d87edcf39e469
SHA512

2eb25593e518ab0ef7905315a5c2ca9879b6497757f01c5d99c5df6fbcf4d6262b43601bf357b31eeb6b556bd9965e60d16c8272405320c95fe44c836e62af32
SSDEEP

49152:Go4Jx048wEi74S3YwZpLJtnPi+gL9A6QzjMkjBXyaXg93/w1JlkaKJFJa6jGu5Ea:j2x0Udh+m68NXyaQ9PsYDEXvZevX

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://outfittydadop.shop/api

https://empiredzmwnx.shop/api

https://boattyownerwrv.shop/api

https://rainbowmynsjn.shop/api

https://definitonizmnx.shop/api

https://creepydxzoxmj.shop/api

https://budgetttysnzm.shop/api

https://chippyfroggsyhz.shop/api

https://assumedtribsosp.shop/api

Extracted

Family

lumma

C2

https://outfittydadop.shop/api

https://empiredzmwnx.shop/api

https://boattyownerwrv.shop/api

https://rainbowmynsjn.shop/api

https://definitonizmnx.shop/api

https://creepydxzoxmj.shop/api

https://budgetttysnzm.shop/api

https://chippyfroggsyhz.shop/api

https://assumedtribsosp.shop/api

https://tenntysjuxmz.shop/api

Targets

- Target
  
  Solara_Executor.exe
- Size
  
  6.9MB
- MD5
  
  c164593ac5af309fb01b2e6dd0878b2d
- SHA1
  
  4fea75d5bf4e9d9f2aa2cd10ac37792123e9ecf8
- SHA256
  
  fba4191436f3e31d46df52a899a20ab7cfddbc3d39c36daf496d87edcf39e469
- SHA512
  
  2eb25593e518ab0ef7905315a5c2ca9879b6497757f01c5d99c5df6fbcf4d6262b43601bf357b31eeb6b556bd9965e60d16c8272405320c95fe44c836e62af32
- SSDEEP
  
  49152:Go4Jx048wEi74S3YwZpLJtnPi+gL9A6QzjMkjBXyaXg93/w1JlkaKJFJa6jGu5Ea:j2x0Udh+m68NXyaQ9PsYDEXvZevX
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2