lumma | 47b1dceb3b8d987a95a552e88da54e9ea385e518466d654bbc550daae6c69c8a | Triage

Sharing

General

Target

#!!SetU-p_2244_Pa$sW0rd$ProFilesspass.zip
Size

2.4MB
Sample

240905-prhqba1gqh
MD5

86e49761d775b41e70b48f7853ac3d98
SHA1

3981321e9ce23e6fb403eb065f15b92dbc65f39b
SHA256

47b1dceb3b8d987a95a552e88da54e9ea385e518466d654bbc550daae6c69c8a
SHA512

a5d027654bfa1273bc1d88ea504091ba9e05c05b7505a15fa36c1522f78f36fa8780922d99a6c371d2253baaebbf8203e08ef173bd6a55bd279942f10a84ee34
SSDEEP

49152:eCM0Fymi23q4xSjtqznnmJs/BwOi1U5aTC2ZMxdR5MsZQ59YC:hM0Fym3EwLmJGBRhSuyLL

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://waiteralcohowl.shop/api

https://condedqpwqm.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  2.7MB
- MD5
  
  870feaab725b148208dd12ffabe33f9d
- SHA1
  
  9f3651ad5725848c880c24f8e749205a7e1e78c1
- SHA256
  
  bbf7154f14d736f0c8491fb9fb44d2f179cdb02d34ab54c04466fa0702ea7d55
- SHA512
  
  5bea301f85e6a55fd5730793b960442bc4dab92d0bf47e4e55c5490448a4a22ed6d0feb1dbe9d56d6b6ff8d06f163381807f83f467621f527bc6521857fc8e1a
- SSDEEP
  
  49152:C11fbWXfBeBqTww8Gkfoa0yeL8zj9JLF+lP/MatsfHVnZbhG3EVsMI62Pseaj/1n:QbWkuwwjkULhlPUatsfBxhsE
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  bqjktnf
- Size
  
  76KB
- MD5
  
  7137d4e3afd315b20fe28f807ba248a6
- SHA1
  
  ca8b8259f248a5680e746ae56d47aff92957fc97
- SHA256
  
  ff75db74d50664e4298bc5cab73d97b7b9f5207340c6c882f9796f6b6a9a6572
- SHA512
  
  8175e31493ff308a4aa4e74a75a11fa3a0eb61dfd0e12a4527f84d02f7a7cc48b57bb9734644c35a4a7246b3e7cf14998b1e2e19141fbf48da88a3e4f87b5ab3
- SSDEEP
  
  1536:fKAurZHleuE9EGz/6AsKT15zRb8KiKcqMFiCx:ftur7E9NxDx5zRKlhjx
Score

1^/10
behavioral3 behavioral4
- Target
  
  d3dx9_43.dll
- Size
  
  1.9MB
- MD5
  
  f1bbecf9a9ba4f66c60186b4b0b089f8
- SHA1
  
  cb6fb39603649d4e62941a8830dde3e570395208
- SHA256
  
  295743c493062fd7813bb126019f0938800ccda3cd70bd9c9af754c088ae3482
- SHA512
  
  20fac654621caad458dec4db244a37c03ac94d4b9795a4bb8de86bdaaf8fad089d1955d1eb64495ca85339cd07d296c024b7b73db66e8893f751c9273e73fbda
- SSDEEP
  
  24576:wU1U6OIyl2Wy9M3bJ45fPS0zFZghQ6aOiFaKOE31GrvFXl74YZ29X1MDd6olmrBn:wl66l2u45BiNYFrz31Cv3D29kd6kH
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  pojg
- Size
  
  899KB
- MD5
  
  358183f8863c4dedf730d94b62c937d7
- SHA1
  
  a3d4fb1865aac43d4279a53340891c1e4e4d165c
- SHA256
  
  aa1026813889b3fc1e09ac16e6384d0b856ff6f2f44188c4699a35fb33d17649
- SHA512
  
  a68f819454007d01aaf6aeb8c64e11fadaa0b197f62fbb0b2dcb5d5767c34d30dba45d0ef190d07b79b980918810465dfad91852f54a41f7f141047c6a35659b
- SSDEEP
  
  24576:BIcHZe3hjdhl9jgqfMOd5VpLwH3I/Z5ew/qwv/A:ShjJ3GY/b/q+I
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8