lumma | b1f401a32d82597d042df138825c90dd0b673d71017e16cee0f458a78a85cac7 | Triage

Sharing

General

Target

fix.zip
Size

288KB
Sample

240826-qvt37awekh
MD5

70fe41f4e0ba092e841fad1aafa46400
SHA1

e21b9b9b981d788bfa8852154cc51c48b823b071
SHA256

b1f401a32d82597d042df138825c90dd0b673d71017e16cee0f458a78a85cac7
SHA512

e00dfd74dc50464ba7d49829eb13df61736174b03c15a2f8d882d2713719c02a5aba12380473d11dddc93990c9be459ad274757226705e5c3aa96cc950e843fc
SSDEEP

6144:HWg3dA6U8QVAS4GUH1S0rOwC5LXFHJbjBk6s++iISslAcFpHB0x3:2g3dA63JjGUH1S+CVfb+d++iInA9

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://froytnewqowv.shop/api

https://locatedblsoqp.shop/api

https://traineiwnqo.shop/api

https://condedqpwqm.shop/api

https://millyscroqwp.shop/api

https://stagedchheiqwo.shop/api

https://stamppreewntnq.shop/api

https://caffegclasiqwp.shop/api

https://tenntysjuxmz.shop/api

Targets

- Target
  
  x86_64-w64-ranlib.exe
- Size
  
  285KB
- MD5
  
  b58fe0a5a58266e2d16703e7725a6f77
- SHA1
  
  bbdfd57437aa760246c6cbfa7a97405344347633
- SHA256
  
  b127de888f09ce23937c12b7fccfa47a8f48312b0e43eb59b6243f665c6d366a
- SHA512
  
  593b6ee4955d760359afe2df9d59ae966dd393298ec67b0b8441568a3ff075a485fea199ae1434eeb2cff26b7075085e4dd42b2c40327dd45bd22e0e8f7cf8cf
- SSDEEP
  
  6144:Isdo9ECUGu9ATbtJ1XN1c4KNvqhsoEG8X+UsO5XNQ:EzNu9ATb35Lhkvqhazs4
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2