lumma | 3037988aa68ca3431c78c5484b08c9d51f3ee619282ca2a1b9fc306e6a07eae1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HydraCheats.exe
Size

21.2MB
Sample

240901-wrszlsxgjq
MD5

6f9168a86fc6adf535de75e12a514a6f
SHA1

7ddbd2397653910de353a22ee23bc49426501309
SHA256

3037988aa68ca3431c78c5484b08c9d51f3ee619282ca2a1b9fc306e6a07eae1
SHA512

ee8ab2622e9b8e8f6bcf37dbd6a1b7a113d2bfe6067e656575681aec6ce16b6514bc1844c45f75dc2c46d847fb6fecf7819bc923fd612d44f099a5af205d89a9
SSDEEP

196608:pizpf8ui/wjumYnw+vj8x/CTwFE5uUEXbo:pgcwj0nNvj+l1j

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://wrappyprotesp.shop/api

https://locatedblsoqp.shop/api

Targets

- Target
  
  HydraCheats.exe
- Size
  
  21.2MB
- MD5
  
  6f9168a86fc6adf535de75e12a514a6f
- SHA1
  
  7ddbd2397653910de353a22ee23bc49426501309
- SHA256
  
  3037988aa68ca3431c78c5484b08c9d51f3ee619282ca2a1b9fc306e6a07eae1
- SHA512
  
  ee8ab2622e9b8e8f6bcf37dbd6a1b7a113d2bfe6067e656575681aec6ce16b6514bc1844c45f75dc2c46d847fb6fecf7819bc923fd612d44f099a5af205d89a9
- SSDEEP
  
  196608:pizpf8ui/wjumYnw+vj8x/CTwFE5uUEXbo:pgcwj0nNvj+l1j
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer