lumma | 2d272ac67fab94e2d70ba5ecc897acac5626a272743b7fa5da05aa8fae9a1d63 | Triage

Sharing

General

Target

2024-09-05_834d4361df57ab70657a0ad7a469952f_poet-rat_snatch_zxxz
Size

27.9MB
Sample

240905-wz9bkawhll
MD5

834d4361df57ab70657a0ad7a469952f
SHA1

8ba395c443940e6db54a255fa3ddfbe0fab88b59
SHA256

2d272ac67fab94e2d70ba5ecc897acac5626a272743b7fa5da05aa8fae9a1d63
SHA512

67ef23d53c11e226500181c34e3fc6a6ea0ed185ce9c92cccbf4523777ca361b6f033ecc71bc710d2603ddb61f191a6d0443702dacbdae6ecb98550aa82202cc
SSDEEP

196608:dzO+Q6tniZQ78sFB/iBi8eZvuMGpy36kYg0vdi:fti27zFiemmGi

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://fisstyconsumerosp.shop/api

Targets

- Target
  
  2024-09-05_834d4361df57ab70657a0ad7a469952f_poet-rat_snatch_zxxz
- Size
  
  27.9MB
- MD5
  
  834d4361df57ab70657a0ad7a469952f
- SHA1
  
  8ba395c443940e6db54a255fa3ddfbe0fab88b59
- SHA256
  
  2d272ac67fab94e2d70ba5ecc897acac5626a272743b7fa5da05aa8fae9a1d63
- SHA512
  
  67ef23d53c11e226500181c34e3fc6a6ea0ed185ce9c92cccbf4523777ca361b6f033ecc71bc710d2603ddb61f191a6d0443702dacbdae6ecb98550aa82202cc
- SSDEEP
  
  196608:dzO+Q6tniZQ78sFB/iBi8eZvuMGpy36kYg0vdi:fti27zFiemmGi
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer