lumma | c326b43d538c562ff7e613f19773147a0395740c864a4bcdbdcbc1c9a3c3716f

Sharing

Copy URL

Twitter E-mail

General

Target

✵s͜͡etUp_Use_7839_P͜@s$C0DE✵✔.rar
Size

4.9MB
Sample

240806-wef5aavhmp
MD5

9f534f14a37f7dc3dfe2d4d328fbcc23
SHA1

f3c46c726e40a17751defa5bff42d01ecfb6f4a3
SHA256

c326b43d538c562ff7e613f19773147a0395740c864a4bcdbdcbc1c9a3c3716f
SHA512

00d799a2fdf5c3a3ee8adb708e92930a01883da27e5fcaeed44392dccc44e221a5f0d95724b7d7836f23167e58fa1bc8eaadf6f29e08b362d4b29a7db2091750
SSDEEP

98304:H03DE5yexoK2fHziTdCols9OWiYIUEUd/ic6Of2MwSUBFimpKvW/UW:UzE5ye+b+RC5c896jWux6lW

Score

10^/10

Malware Config

Extracted

Family

lumma

https://erdefendkzov.shop/api

https://chippyfroggsyhz.shop/api

https://tenntysjuxmz.shop/api

Targets

- Target
  
  ₳DÐ✵SetUp✓/ObjectDock.exe.config
- Size
  
  292B
- MD5
  
  d2a735f9f8b0a9eaee60cfdfe8c3fe91
- SHA1
  
  48a2d80fd6606c4e1e3a9715a8a3f2d394f33bd4
- SHA256
  
  020330f57fc1bf60c9639ca8eae9ee142ad44d44e847290d1ee959ab6758985f
- SHA512
  
  b6e7131352b37d37756bf8b15aadb50d22c19b2e4cfc0a716f5cd1ad162109da8d55f183bdb2537b9fc43a7bd5d7c74599c63f411ff7b9ef681da10745b7faae
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  ₳DÐ✵SetUp✓/SdAppServices_x64.dll
- Size
  
  1.3MB
- MD5
  
  00fe448fd991e8e02083892ca86e7955
- SHA1
  
  6d4f0466e076eb7e2ceea2aae5cf8ceae2be4e0e
- SHA256
  
  67c82555142d9d8cb2892ca6119ff4e4619b2b747a5ddb0e46d73053b57e49eb
- SHA512
  
  156defe71d276a63a20178259fdcbf0a3c43ce4ed777110e30419317d986fbe9e293c93a5f6b01bcaa67d17bba42e26c8a53f6c2b4dc1548dfa3abf276d23691
- SSDEEP
  
  24576:R1FCKisuEMfumVLFMnGC7864Qkh4lZ181gcOrPdIdXq:1CRsuOsunGC7aXIZWgrPdUXq
Score

1^/10
behavioral3 behavioral4
- Target
  
  ₳DÐ✵SetUp✓/Setup.exe
- Size
  
  4.3MB
- MD5
  
  4cba82135c6e44265dfb2a4845dff950
- SHA1
  
  7dbce4c16cbd045ce8a3c2ea15df7fee3df10bcc
- SHA256
  
  e6d5ef67201ef8ed953a36a6fb44aaafb40dec7a4002efb7ebe6c20f35244495
- SHA512
  
  81441841a5fb6fc9507407ea9f07c16d98a1a3ca7c5eb4dabe92cc6fb93f0641ac681906dabf7aedab32a3cb6289cc2922e03bb33210eac72170797e82df60cc
- SSDEEP
  
  49152:w8mxtRio/dXZg+KXXI7QKS/++2+UEaipCiPdCQIhdwIxKoZqD6uoZqUO3HoaPgoR:M92/++2+/pDNB3HokjGbc
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  ₳DÐ✵SetUp✓/config.prx
- Size
  
  364KB
- MD5
  
  14934caca84d5fe0288f27efb31dcbf8
- SHA1
  
  98c8c659488a5782679112e0ffb089422a664ac5
- SHA256
  
  7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36
- SHA512
  
  9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a
- SSDEEP
  
  3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  ₳DÐ✵SetUp✓/expostulator.mkv
- Size
  
  931KB
- MD5
  
  4d4f8fd4efc85fed159682182b6965c3
- SHA1
  
  f7e6488f23f24cf964f06ad75988e91cece1fcf9
- SHA256
  
  981f51982d1c6b4da35230801dac2ea3cb8be4032b113e8d81f7c62d85e13d2e
- SHA512
  
  d8a48bf52d49e64a837f43a96359860d2cd24effa775054882982bc794ff0d3460f79d79a61ed1b92c6965c77f42b6acf713cbabc9d18ea6a035e73aa83e5ed9
- SSDEEP
  
  24576:At+XAh4OLfmC/cuFZX6www7Zc1JihpDPMzcGFujg:AGAmIfmC0aZieZcWvLMzc8T
Score

6^/10

discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral10 behavioral9
- Target
  
  ₳DÐ✵SetUp✓/grownup.rar
- Size
  
  72KB
- MD5
  
  1be5e2171a0e6f1cba774250d9f17f85
- SHA1
  
  6692a17ae64362262c464139aefe94e39937bac1
- SHA256
  
  359a3b4e2935393f189136482a99d0ccaf8c2eb7c0bd7df88872a7887a623d4c
- SHA512
  
  3d79130154beef3ae2c1e4d5c90534aa6b0b2da41032f5bebda0ee800f09de24371dfe008f51e60cc83cbecbc8804b737caada124a669b66ef806cb787fcec2d
- SSDEEP
  
  1536:KxAbPu/EC+GcYL50SGUH/vfhuMI1qZdr4X/:KxyPushGuSD/xc
Score

3^/10
behavioral11 behavioral12
- Target
  
  ₳DÐ✵SetUp✓/updater/NvStWiz.prx
- Size
  
  432KB
- MD5
  
  9e82e3b658393bed3f7e4f090df1fbe7
- SHA1
  
  bfff954b8ef192c01af9fb5d9141a21279cb9c31
- SHA256
  
  c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762
- SHA512
  
  de6a1e62d4e33f807d9c04f355a762717eedbcf540e747a97ba824871d4a1f144f4929141df333711d42af01e441dbbcecbb25a6a4f8ec073a024d94197b776b
- SSDEEP
  
  6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  ₳DÐ✵SetUp✓/updater/manager/ks_tyres.ini
- Size
  
  9KB
- MD5
  
  47f6571c7884da6c743551ac724186d4
- SHA1
  
  c338ce7d292c78f420876332de93684102ec04ac
- SHA256
  
  894d3c57598ecb22c769cc3ea8219859a95e22740e72394a474012ea2119b3d9
- SHA512
  
  5cf57f3f2c53fcbedf44cd2c896008c41607d7583045e37b819da1b1d3ce26073802e73fab74ea6def035f11a256d9f0d11a87991cea14ef5baf67bda21d6e20
- SSDEEP
  
  192:oqCaCVsP1MQzeRO11bvR2hpg6iYRkX+DHj5jkZU3KAg/sVfKPPfYqlwvR:9bf1MQzeRA1TR2hpg6iY+X+SuaAg+zqW
Score

1^/10
behavioral15 behavioral16
- Target
  
  ₳DÐ✵SetUp✓/x64/trading_api64.dll
- Size
  
  282KB
- MD5
  
  2bca4e2c047ec969cb3cff277e7fc184
- SHA1
  
  c4b5b00b605e59c6fdcb6731f2e53069506e287a
- SHA256
  
  f1eb582e607a1e43cdb1654bfb7cb29ad46f6728b3fb89a14f7727e0e8daab69
- SHA512
  
  3819178ec650298157b1d67317e0895cb92709b106d0d8525921e341eba5e960f42434e010066bb405f1ba1619adff1a645ede58e16c4b2d88df2c90611a6cb5
- SSDEEP
  
  6144:Aa0EKzmilQBrUssevOkHcAxilMrCynC0bcLd1x:B0EZbr3se1SynC9x
Score

1^/10
behavioral17 behavioral18
- Target
  
  ₳DÐ✵SetUp✓/x64/tradingnetworkingsockets.dll
- Size
  
  4.1MB
- MD5
  
  3cf26ce759c5e261fe3ecc6451b8b08e
- SHA1
  
  b5da110034fe394a4020367404534903764473fe
- SHA256
  
  fc4a65ff603bf1f4bfe323de1866145ae1e006aa656799fd134dfa63d92d47c1
- SHA512
  
  e7b543483f38bb6338490b5c8f5da6f95e0d78b45f2b26d898cc3b58cf7c359952bfe413414cb6cd1532c3c6fd7a860026b2bec7b6d0ddfbee9a1385a62e14f2
- SSDEEP
  
  49152:kGtlqhcIU6ilVwASObX9F+LWDumqrJjAZVT4kmrqEUAYVxkG3q+XRQsmqkALD4z4:M+dl7+8z1mqkA8lv0bH1bBGZZs
Score

1^/10
behavioral19 behavioral20
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-core-processthreads-l1-1-1.dll
- Size
  
  17KB
- MD5
  
  29001f316ccfc800e2246743df9b15b3
- SHA1
  
  dc734266648d3463c1f8d88c1ce7d900a4e3b26c
- SHA256
  
  e5ea2c21fb225090f7d0db6c6990d67b1558d8e834e86513bc8ba7a43c4e7b36
- SHA512
  
  4cffc0c6f94fcd1155909993c622b9103abd7a7bce88742a10abd6a3496a334d667a39bb601f99eb174aa847d7dae056e0d9769754ca86320579b262a20a6599
- SSDEEP
  
  384:WRtwDfIe9jWfhWC+Y3DGk8ZpH3GCJErra8o7Q+Y3DGUKn8JN77hhET:ape9A5DGkiRBEXaR70DGa3hqT
Score

1^/10
behavioral21
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-core-profile-l1-1-0.dll
- Size
  
  16KB
- MD5
  
  6ee66dca31c5cce57740d677c85b4ce7
- SHA1
  
  8969db03f98f9548caf8e2d8c7f2f5cd7071f333
- SHA256
  
  d00a0edace14715bf79dbd17b715d8a74a2300f0adb1f3fc137edfb7074c9b0a
- SHA512
  
  592e3b6c689a0d6c87079c54c3e13e6ee1fc0c5c770abc854040e85464687c46f0a558be22f8759dbc4a100810386ee379ffe4359cf9091d9afae548bc597be2
- SSDEEP
  
  384:WiIWfhWx+Y3DGk8ZpH3GCJErcx3l/r7+Y3DGU78JN77hhC6UHR:doDGkiRBEWV/rxDGT3h06UHR
Score

1^/10
behavioral22
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-core-rtlsupport-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  0069fd29263c0dd90314c48bbce852ef
- SHA1
  
  dfb99c850a69e67e85f0a0985659f325bd8f84fc
- SHA256
  
  d11093fdc1d5c9213b9b2886ce91db3ded17ef8dae1615a8c7ffbc55b8e3f79b
- SHA512
  
  71965e8dd2fd81d0c6dba4dbec8d2d1bfd4a644ef6bba4f6027de4bcdf9c07da16f27f2156c21b52e678c75f0a93a4bcbc3e1942f0a73f1eea5ff64b70662f70
- SSDEEP
  
  384:WCGeVxWfhWD+Y3DGk8ZpH3GCJErYtN+Y3DGUO8JN77hhTew:3GeVmyDGkiRBEojDGa3h9ew
Score

1^/10
behavioral23
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-core-string-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  2e5c29fc652f432b89a1afe187736c4d
- SHA1
  
  96f8480b9339411d5d8c94918e983523b1a55c56
- SHA256
  
  3807db7acf1b40c797e4d4c14a12c3806346ae56b25e205e600be3e635c18d4f
- SHA512
  
  fe1135532e18127f2cfefaaa4a19020d6c790374f648dc93383d58ee52b147d1451af01b8624234bd5d77abe2451eb3e15cbe72a19d283f00cf78c05c43041df
- SSDEEP
  
  384:W4yMv9WfhWx+Y3DGk8ZpH3GCJEr4ey/+Y3DGU888JN77hhnY1:DyMvaIDGkiRBEsnDGX3hxY1
Score

1^/10
behavioral24
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-core-synch-l1-1-0.dll
- Size
  
  19KB
- MD5
  
  979c67ba244e5328a1a2e588ff748e86
- SHA1
  
  4c709ce527550eb7534cb6362afdb3623c98254e
- SHA256
  
  8bb38a7a59fbaa792b3d5f34f94580429588c8c592929cbd307afd5579762abc
- SHA512
  
  49f3c3319aa462b445c6a0b816e10034f6e5a9cf1250ea30b348cfa1ef71525e9f62e2f13253f61375f51fc574847de0d509cffa95103771be356327d5fef90d
- SSDEEP
  
  384:Wjdv3V0dfpkXc0vVaCWfhWt+Y3DGk8ZpH3GCJErHZpn+Y3DGUrUN8JN77hhYl:Wdv3VqpkXc0vVabkDGkiRBEtplDGEUq8
Score

1^/10
behavioral25
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-core-synch-l1-2-0.dll
- Size
  
  17KB
- MD5
  
  659e4febc208545a2e23c0c8b881a30d
- SHA1
  
  11b890cc05c1e7c95f59eda4bb8ce8bc12b81591
- SHA256
  
  9ac63682e03d55a5d18405d336634af080dd0003b565d12a39d6d71aaa989f48
- SHA512
  
  010ab6d3971fabd2a956f891b8d9d20ef487e722443b2882a1a329830dc5c80d262e03a844cd3f5c3e4efcfbad72b9e1fbbf7d9dc6cf85ed034d84726946ce07
- SSDEEP
  
  384:WHtZ36WfhW8+Y3DGk8ZpH3GCJEFxMDD+Y3DGEC8q8JN77hhFGT:EbDGkiRBEsJDGS13hj+
Score

1^/10
behavioral26
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-core-sysinfo-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  cef4b9f680faae322170b961a3421c5b
- SHA1
  
  dd89a2d355df989bbd8648789472bfe9c14afcd5
- SHA256
  
  1fe918979f1653d63bb713d4716910d192cd09f50017a6ecb4ce026ed6285df9
- SHA512
  
  f56617290d4ac25231631d708a6c8b003bdd358bae9672f7dee539a96b292c13e04c65ba5f05937c52f73288eb3dd7cba479ed030942a0d9d3a15512548fa4a9
- SSDEEP
  
  384:WBTnWfhWt+Y3DGk8ZpH3GCJEFxqIDh/h+Y3DGER6vJ8JN77hhHWT:0TsIDGkiRBE+IxfDGM6vW3h5WT
Score

1^/10
behavioral27
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-core-timezone-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  69df2cce4528c9e38d04a461ba1f992b
- SHA1
  
  bb1d0da76cf696acf2e0f4e03e6d63fbad4325aa
- SHA256
  
  a108a8f20ded00e742a1f818ef00eb425990b6b24a2bcd060dea4d7f06d3f165
- SHA512
  
  4d02eecdda0fffc10d5509830079984c7a887b4ca3a80359aa56117b302dcfa594b0710c9f415c823d1674b5c689d31aade44f21750ccd7d53010e67f0b6f0d2
- SSDEEP
  
  384:WGOWfhWc+Y3DGk8ZpH3GCJEFxi+3T7Tu+Y3DGEu8JN77hh2KI:5XDGkiRBEm+uDGQ3h7I
Score

1^/10
behavioral28
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-core-util-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  c6553959aecd5bac01c0673cfdf86b68
- SHA1
  
  045585659843f7214c79659a88302996bfb480a2
- SHA256
  
  68bd9c086d210eb14e78f00988ba88ceaf9056c8f10746ab024990f8512a2296
- SHA512
  
  ae8e42a428202d05fea4f1e6a4d3b919b644a792567f876b0fc392b1cddb856547b4c3b433c002fded6df4d4daec8fb7235f30d1ff9f42943d9e2557ade364d6
- SSDEEP
  
  384:WyzWWfhW++Y3DGk8ZpH3GCJErst5+Y3DGU1a8JN77hh8T:35DGkiRBEQpDGw3hKT
Score

1^/10
behavioral29
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-crt-conio-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  7190cbfad2d7773d3b88ccc25533a651
- SHA1
  
  71fe2bacc14b433d51328ea0810c1a030c80d844
- SHA256
  
  4aeeae0ac9f6c1b0b8835067ea3b7fc429f353565f18de7858f4ea5d6f72072e
- SHA512
  
  b314666c400268bf261c5f9e9966ad0680435241e7a24d85b28ae4405d798b80eedb65ed8db7e8d93df90f886a6719a8b7ace8c25d0429392bc061868890c40c
- SSDEEP
  
  384:WL5WfhWO+Y3DGk8ZpH3GCJErBf+Y3DGUCU8JN77hhIw:FVDGkiRBELDGfX3hKw
Score

1^/10
behavioral30
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  3e415147ccd7c712618868bdd7a200cd
- SHA1
  
  b332f29915d846519dcb725d39e8c50604d7b414
- SHA256
  
  77b69e829bdc26c7b2474be6b8a2382345b2957e23046897e40992a8157a7ba1
- SHA512
  
  7e7e50f148414f8a84b4c39d3c7c1e0952f86f95873f3abc25b7f08574bbcce41394a59451868020b178bf68df12615bd356677e8c935c1185c5d07d15e61896
- SSDEEP
  
  384:WluyxWfhWK+Y3DGk8ZpH3GCJEFxkNN0O+Y3DGEhy8JN77hhHL:RhDGkiRBEqDGsd3h9L
Score

1^/10
behavioral31
- Target
  
  ₳DÐ✵SetUp✓/x86/api-ms-win-crt-environment-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  ad0cbb9978fcf60d9e9ca45de6a28d30
- SHA1
  
  65549d9d7ee72de7d0cc356f92ad22eeb8dc18cc
- SHA256
  
  6c9c0dc7b36afe07dfb07dd373fc757ff25df4793e6384d7a6021471a474f0b9
- SHA512
  
  aaf4919e7629cd0bcf52283d578214043a4bdf6597a7d808dfcecd5fa1ecbd0b1395c60a165c575d20ca42928500815e14837b9e05530a667c6898e14243d64d
- SSDEEP
  
  384:WgWfhWx+Y3DGk8ZpH3GCJEFxHiA6+Y3DGEi8JN77hhksg:CsDGkiRBEJeDG03hCD
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32