lumma | 0a40d445fa8d83d2b7019d692542148c8f17f07e5afd998e3c422a49f4df7d97 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.InjectNET.17.11380.16691.exe
Size

13KB
Sample

240825-vbnjhstfrb
MD5

412ac0c0ab55be4b40d5684b69903f71
SHA1

916c8aa927aaa8ee4b58bfcb6d2953e14ec28028
SHA256

0a40d445fa8d83d2b7019d692542148c8f17f07e5afd998e3c422a49f4df7d97
SHA512

39262b8831ab95a20d45087c85cd9d22dab766a3ded49d3ed1afbbd45423a438e77153720237a07010e8d2848d60e505d973c3eef8c8ed90e0c001550f7c12e7
SSDEEP

384:E7/1TebgAciVU6c35z1R5Mq3sVK8QbTf6Q:ET1TeR05x+0bTff

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://miracledzmnqwui.shop/api

https://potentioallykeos.shop/api

Targets

- Target
  
  SecuriteInfo.com.Trojan.InjectNET.17.11380.16691.exe
- Size
  
  13KB
- MD5
  
  412ac0c0ab55be4b40d5684b69903f71
- SHA1
  
  916c8aa927aaa8ee4b58bfcb6d2953e14ec28028
- SHA256
  
  0a40d445fa8d83d2b7019d692542148c8f17f07e5afd998e3c422a49f4df7d97
- SHA512
  
  39262b8831ab95a20d45087c85cd9d22dab766a3ded49d3ed1afbbd45423a438e77153720237a07010e8d2848d60e505d973c3eef8c8ed90e0c001550f7c12e7
- SSDEEP
  
  384:E7/1TebgAciVU6c35z1R5Mq3sVK8QbTf6Q:ET1TeR05x+0bTff
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer