General

  • Target

    b2ceff540f1fb7234b424a5702e989ba.bin

  • Size

    10.2MB

  • Sample

    240905-pg6dmazhqm

  • MD5

    11a590d8b8be82c01e58488ec48d45c6

  • SHA1

    bf3c3bd83180ba08ed5b821a9d02057a929f239d

  • SHA256

    cbb8d0e3abaa88557a00300e9c22b2a9cbcf0ae8cbd9650c578bf352d06968a6

  • SHA512

    5b18d22c09d04ccd30ca5ca0c57f3c56c7d4ba27094d9274199c29f8f09423c910b9b2fad8c069785bb04303f5b49355ea471783789c7d914e253cc23bceaf95

  • SSDEEP

    196608:fmdGytqFELhbBclwjrqVhi3T/6pLMA7DXFaCsliSwuIaqN5zoHvKdPrgqXSFd5:fmdvVL3swn3T/A78XrdqYHid0qXSFT

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://sculpturedowqm.shop/api

https://condedqpwqm.shop/api

Targets

    • Target

      eaa5582959770d5fa7fc18fa15d6e6aedec88b7503b8d16df3dd82626fab57d9.exe

    • Size

      10.7MB

    • MD5

      b2ceff540f1fb7234b424a5702e989ba

    • SHA1

      db23b99773aaf3c3ccf45bb93a7321647aad99f9

    • SHA256

      eaa5582959770d5fa7fc18fa15d6e6aedec88b7503b8d16df3dd82626fab57d9

    • SHA512

      d42c2dbc0aecb9220c634cb3fbbe7c67eea107599048d7e3c66c01c0ed6a3c5639b6448fcc4de30e1a38a1b19bdd9882513403e3abfbffbfbdaadae49b59b342

    • SSDEEP

      196608:h9oqgEzg9QvuVBkqFGKAJ9RmX2870VikXVCnZXTDqQ7poZ:h9VgECiuVi4JARx8gVJsZXTOQ7W

    Score
    10/10

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks