lumma | cbef84ffb475e912fb79b4c1e8feb03f8d5929cb2fa5492fab2da5f57b35826e | Triage

Sharing

General

Target

cbef84ffb475e912fb79b4c1e8feb03f8d5929cb2fa5492fab2da5f57b35826e
Size

355KB
Sample

240817-fw5wzayfkc
MD5

c44a886e35fab50c9f7f0e63fce3e407
SHA1

20a3b52dd2c3b0e5f9c09bab0154fe1fa85110fe
SHA256

cbef84ffb475e912fb79b4c1e8feb03f8d5929cb2fa5492fab2da5f57b35826e
SHA512

15b3626d3e1997d62203431038dffb4b5cb11f7c5c932e0461a0a02f7c780893c6ad0979315a523a041f262b8f87c08e925355924fcea94ddfe7c9fae09fbfc5
SSDEEP

6144:3qhD0U0dmaiKZ7FPDfn/Y5ylpD5xAEs0QiCZDqBC6wVpjOoTb6tA/PkTV91YoQ:3qhD0FqK5tzdlpD5xLrx6qujO6nkZY

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://clouddycuiomsnz.shop/api

Targets

- Target
  
  cbef84ffb475e912fb79b4c1e8feb03f8d5929cb2fa5492fab2da5f57b35826e
- Size
  
  355KB
- MD5
  
  c44a886e35fab50c9f7f0e63fce3e407
- SHA1
  
  20a3b52dd2c3b0e5f9c09bab0154fe1fa85110fe
- SHA256
  
  cbef84ffb475e912fb79b4c1e8feb03f8d5929cb2fa5492fab2da5f57b35826e
- SHA512
  
  15b3626d3e1997d62203431038dffb4b5cb11f7c5c932e0461a0a02f7c780893c6ad0979315a523a041f262b8f87c08e925355924fcea94ddfe7c9fae09fbfc5
- SSDEEP
  
  6144:3qhD0U0dmaiKZ7FPDfn/Y5ylpD5xAEs0QiCZDqBC6wVpjOoTb6tA/PkTV91YoQ:3qhD0FqK5tzdlpD5xLrx6qujO6nkZY
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer