lumma | 74bc915d2f3891a32a3d88b28fb50ea86f5e1f8f8e63582e208e065ed1862eb2

General

Target

git.software.v1.0.7.7z
Size

5.7MB
Sample

240808-r17f5svdlp
MD5

670b2d2fa8c1db4d7d4845dfa1358611
SHA1

122b1faabf95468a966e7771dbad4f4e90cdcfe9
SHA256

74bc915d2f3891a32a3d88b28fb50ea86f5e1f8f8e63582e208e065ed1862eb2
SHA512

be2d59f9651060a7ddad4d6c33ee009ba21024bf2d9a9c70b33583f25a896d6e191b8f8c2a4483f78724d83b0933014bf1620e4e144cd699deb0f177750dc2d1
SSDEEP

98304:sYLR2g0MKcmM3VCY27N8yiL0vbedGFdFjLzjshKIZCny0CpORJz19CBKyzXtX44I:RNNmyVv2x8jg6edFvzYhhQy0QObzu4yC

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://weaknessmznxo.shop/api

https://unseaffarignsk.shop/api

https://shepherdlyopzc.shop/api

https://upknittsoappz.shop/api

https://liernessfornicsa.shop/api

https://outpointsozp.shop/api

https://callosallsaospz.shop/api

https://lariatedzugspd.shop/api

https://indexterityszcoxp.shop/api

https://tenntysjuxmz.shop/api

Targets

- Target
  
  D3dx9_41.dll
- Size
  
  4.7MB
- MD5
  
  397cb6132f9632189d6f2b3bc9bb2b04
- SHA1
  
  f7113885294e61f21e6021f6f3a50bb0eb60b0a6
- SHA256
  
  a34174c9e4bbeb8b8592221e4e0fbf273e008c475875b5a4af45f5266ed58373
- SHA512
  
  0e5bcf302a6dbb76cfb7e00476d41367851df9b42e2f9b0c821fd6db018fda30a2b405026d52a7677af65d35ddc4405260c1bd9eb47c22154b23f77be56dd336
- SSDEEP
  
  6144:jQfN8PRtFlJntIkeUXpWeqQ0c4nr+O12Agvtt1tG5P0M3eFBXUuZLf0W/vouIs3w:1LheqpwQZOqvM1TKPr
Score

1^/10
behavioral1 behavioral2
- Target
  
  Shell64.dll
- Size
  
  5.9MB
- MD5
  
  6cc4f16086d2c40fb1c3119cfad11626
- SHA1
  
  99d16f2a2064db9606b56550d8c67e629e5b79ed
- SHA256
  
  976be1fa97db8707e14aa8a93c2b8e8762ae09eb225b457ef9ed0f219fdb3c00
- SHA512
  
  a1e1b629a23013063c9e7989d0ff12070bfd1d2f796e8a4fe80260d8071712d1bba12e1e8feb938f441774462d151bd4ef8d82c63b2732afa44e3ddaa65607d0
- SSDEEP
  
  12288:N4eloJM2aqvHcja5h3Y8YAdRAP72ObgUJ50EAHSH3hNF6D+fOO/2x2QRcpBndnmi:NphHNHhiehBxJx99HMeUG
Score

1^/10
behavioral3 behavioral4
- Target
  
  git.software.v1.0.7.exe
- Size
  
  15.6MB
- MD5
  
  90c13e75309502ad8124a8f895ae56d9
- SHA1
  
  83adf64840a1261f6e89c49922a460c9ab524297
- SHA256
  
  49d778c8e38940be1ef4315fa0169a33e0284ea65abe00b3e827bb48a7654904
- SHA512
  
  da840a8a0fbe2633a479122fd74a8eea6717ff939fb88fcd9abed000898ba98c184d398c0a941a641e982daf7dbe0717f6409df8e1f12a2bed223c49309ae226
- SSDEEP
  
  98304:sZnfpKHJeY2VwGQRD28rozFZTcUEFMx96LJ:PH72VwDV2HFJgFx
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6