lumma | 20f1e34627d78a9206329f1ed09f562d851d6bd7df83350bf2c22361510da259

General

Target

v.3.9.lntsaII3r_win_64-86_set-up+P0rtbI3xtn.zip
Size

10.4MB
Sample

240809-s8r7vssdpp
MD5

6f8f3e76cd60e295375034f3f028bafe
SHA1

d4e4d1afb9b0aecfc58d8980bce53990fcff32fd
SHA256

20f1e34627d78a9206329f1ed09f562d851d6bd7df83350bf2c22361510da259
SHA512

4c21a67d2323a0387e749669f7ede5c8d534fc82aabd3d65795fa3e87dfb87e3b273992cc3366cb975dbef70cc91e6910b68d405663d23153f3916b2edc737e6
SSDEEP

196608:0NqxPhjCITZIReidoi0furV2rCXedavn+jVTLYG3U87qmqBIqj6NaLY7tr:plhjTGEaNMroedavn+Rnu8OUh7p

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://pajamas-stoic-failing.shop/api

https://celebratioopz.shop/api

https://writerospzm.shop/api

https://deallerospfosu.shop/api

https://bassizcellskz.shop/api

https://mennyudosirso.shop/api

https://languagedscie.shop/api

https://complaintsipzzx.shop/api

https://quialitsuzoxm.shop/api

Extracted

Family

lumma

C2

https://celebratioopz.shop/api

https://writerospzm.shop/api

https://deallerospfosu.shop/api

https://bassizcellskz.shop/api

https://mennyudosirso.shop/api

https://languagedscie.shop/api

https://complaintsipzzx.shop/api

https://quialitsuzoxm.shop/api

https://tenntysjuxmz.shop/api

Targets

- Target
  
  v.3.9.lntsaII3r_win_64-86_set-up+P0rtbI3xtn.zip
- Size
  
  10.4MB
- MD5
  
  6f8f3e76cd60e295375034f3f028bafe
- SHA1
  
  d4e4d1afb9b0aecfc58d8980bce53990fcff32fd
- SHA256
  
  20f1e34627d78a9206329f1ed09f562d851d6bd7df83350bf2c22361510da259
- SHA512
  
  4c21a67d2323a0387e749669f7ede5c8d534fc82aabd3d65795fa3e87dfb87e3b273992cc3366cb975dbef70cc91e6910b68d405663d23153f3916b2edc737e6
- SSDEEP
  
  196608:0NqxPhjCITZIReidoi0furV2rCXedavn+jVTLYG3U87qmqBIqj6NaLY7tr:plhjTGEaNMroedavn+Rnu8OUh7p
Score

1^/10
behavioral1 behavioral2
- Target
  
  Setup.exe
- Size
  
  94KB
- MD5
  
  9a4cc0d8e7007f7ef20ca585324e0739
- SHA1
  
  f3e5a2e477cac4bab85940a2158eed78f2d74441
- SHA256
  
  040d121a3179f49cd3f33f4bc998bc8f78b7f560bfd93f279224d69e76a06e92
- SHA512
  
  54636a48141804112f5b4f2fc70cb7c959a041e5743aeedb5184091b51daa1d1a03f0016e8299c0d56d924c6c8ae585e4fc864021081ffdf1e6f3eab11dd43b3
- SSDEEP
  
  1536:9M/AhIxHHWMpdPa5wiE21M8kJIGFvb1Cwn/ZDs5yf:9M4SwMpdCq/IM8uIGfV/ZDso
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  python310.dll
- Size
  
  4.3MB
- MD5
  
  ac59f2d4c2108ae4868ee3c9a175cd2b
- SHA1
  
  4a3f4b6d343034c731c5526d38b43e9a75242db5
- SHA256
  
  d3bfcaa28731779f72a457cb07f117d86da089fee7a262be7d8bc2e33f9412d6
- SHA512
  
  f7ecad11217e185ff7c7e347e09558ed85e215972f752e3d35b6e3f96bb69a70ae2a3318236010e7a4c1786d41ff64b14a7ffe9f4cd1c614ddebf08abf063fe6
- SSDEEP
  
  49152:5xWM30WEuKdhbvd9aCLYjiNME9KnPdZkAMnu08M5c3MrOEJ8wwoJAS4L4I0mUHJ+:5eV7bkwMVPZeHISa0XHaMZqSH1vze
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6