lumma | e4fe2b92480a8ad512c643358c7add07588e8028c1526e5e874d292e6053d4a6 | Triage

Submit
Reports

Overview

overview

Static

static

3

e4fe2b9248...a6.exe

windows7-x64

e4fe2b9248...a6.exe

windows10-2004-x64

Sharing

General

Target

e4fe2b92480a8ad512c643358c7add07588e8028c1526e5e874d292e6053d4a6.exe
Size

1.3MB
Sample

240807-cs5j9aycjj
MD5

5dbc9dfc9cde9b0e2117b2ed82c98c8d
SHA1

bdd1f983ed5640db4d1e09d1f824413c6f3608ff
SHA256

e4fe2b92480a8ad512c643358c7add07588e8028c1526e5e874d292e6053d4a6
SHA512

7b62eee3b9c095aaed878380678e7d1156d602c118a753182e4822ecaaf1011ec854a7c19e3f6d14238bee1a2388df9dd2902b7dc00a921d5f7ab66c49be99e4
SSDEEP

24576:SxLsMs8WdkZt8L5vqLGFRGybQNuRxaIa/OozGMBN9tcI4C:2sldht8IIkQgRxaIa/pzGMH9tcI4C

Score

10^/10

lumma discovery evasion stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e4fe2b92480a8ad512c643358c7add07588e8028c1526e5e874d292e6053d4a6.exe

Resource

win7-20240729-en

lumma discovery evasion stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

e4fe2b92480a8ad512c643358c7add07588e8028c1526e5e874d292e6053d4a6.exe

Resource

win10v2004-20240802-en

lumma discovery stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://technologggisp.shop/api

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://stimultaionsppzv.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Extracted

Family

lumma

C2

https://technologggisp.shop/api

https://horizonvxjis.shop/api

Targets

- Target
  
  e4fe2b92480a8ad512c643358c7add07588e8028c1526e5e874d292e6053d4a6.exe
- Size
  
  1.3MB
- MD5
  
  5dbc9dfc9cde9b0e2117b2ed82c98c8d
- SHA1
  
  bdd1f983ed5640db4d1e09d1f824413c6f3608ff
- SHA256
  
  e4fe2b92480a8ad512c643358c7add07588e8028c1526e5e874d292e6053d4a6
- SHA512
  
  7b62eee3b9c095aaed878380678e7d1156d602c118a753182e4822ecaaf1011ec854a7c19e3f6d14238bee1a2388df9dd2902b7dc00a921d5f7ab66c49be99e4
- SSDEEP
  
  24576:SxLsMs8WdkZt8L5vqLGFRGybQNuRxaIa/OozGMBN9tcI4C:2sldht8IIkQgRxaIa/pzGMH9tcI4C
Score

10^/10

lumma discovery evasion stealer trojan
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoveryevasionstealertrojan

behavioral2

lummadiscoverystealer

© 2018-2025

Terms | Privacy