lumma | fd17c39f31d3ad3ce0c7d7f3ad03e85f0475e3e84e3e582dcac4864f8a2390c7

Sharing

Copy URL Twitter E-mail

General

Target

[email protected]
Size

11.5MB
Sample

240907-yjz43a1fnl
MD5

e17763ef1ee58d850380d2a4d6817c53
SHA1

5d702dfd8c85a50f95d538c3afaa61395136a455
SHA256

fd17c39f31d3ad3ce0c7d7f3ad03e85f0475e3e84e3e582dcac4864f8a2390c7
SHA512

6ae17f89f46bb61b286319306c71d4bbf130f5e685fe8d0bc991fb9966e83199c81edda2695ab6be799643f1d1ac33e25871aae0d0331542073aca4a1a1ed084
SSDEEP

196608:DwKvTooU6zxaJNjb1H/RZKCSHuknYoEwGyFSD/4ATpD3N2w7261cA/fGuAhRkY4V:DzZErjb1H/ZSpz7GysDQsDd2w7j68f/d

Score

10^/10

Malware Config

Extracted

Family

lumma

https://condedqpwqm.shop/api

Targets

- Target
  
  ExxxxSet_up.exe
- Size
  
  749.4MB
- MD5
  
  fe069d8e3711f5c4ac4a0735a02fc303
- SHA1
  
  3352dcd0c6913f206dde60ea95afaff471895138
- SHA256
  
  dc5d859a301eec28319936a6b94d3eb439f7b62b890bcf177d25718a3b8418cc
- SHA512
  
  c0382e00c16c93e1e0c1a2a40937c84568cdb66f31e1735975546a3d1904d7b8ce12cb4d6c33ef07d993962daca6825a9446867305f308d29186729533289708
- SSDEEP
  
  196608:8lN3eZmCSq9xx0+tH8o7o3X0HXG6uq9+nkl0pIlKeRfMU/nV:sRExxrG3k2TqNvF
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  UP/AspNetMMCExt.ni.dll
- Size
  
  991KB
- MD5
  
  36ee5ccc4dc314a4de0791e640de1790
- SHA1
  
  18c574ae51d50f62401451c260cb493e8d04fe4e
- SHA256
  
  dc835e2e0e6495f2450fd3286fb306646f3fe2414205927a2f17e1a38cde148b
- SHA512
  
  15fa367c6b4448dcf8342b3de9277847c2c06e81bef0dd5421c03bb5ab97b7d9e47abf95c613863b095fbd660587caf9b8b12860a26670d44847ed6e071b2a58
- SSDEEP
  
  6144:kIunYEjH3v7jPgyJtj+SYrnZS6oujEmMNnd92HM+GJKq+8FgoM0g46Hnlpo5XCdK:4Y2Pv+fMNdd+GJKq+8M0SsoCjWbaY
Score

1^/10
behavioral3 behavioral4
- Target
  
  UP/AudioEndpointBuilder.dll
- Size
  
  734KB
- MD5
  
  2048e25cdbccaf2a78fd4e3c7a25ac63
- SHA1
  
  21fcda1aae33d74e4fa1519a18527757118b8dd5
- SHA256
  
  4044a7113505735a6c06295ff82416ef0ed3248fb889176922cc50d5829aaa6a
- SHA512
  
  f8b21d3e2412056d561e947c2a0f992824fedc9c300506c07cf735d408581b585ba081405ad990a438739f1041d173695ec25751c6c29b60e2c46a6572fba355
- SSDEEP
  
  12288:jlOOolF1aGVlUaA0Q5Bq+nT4ad1L+YLIA5MMDiprlWhYUZrKhttYz:jlLolF1aJ1A+nW4ICMMDsxilhKhHYz
Score

1^/10
behavioral5
- Target
  
  UP/AudioEng.dll
- Size
  
  2.0MB
- MD5
  
  4370adbcbfcc2a7199e704ef511028e7
- SHA1
  
  e80dbd2384d7c50df44a6671feff1293172e892d
- SHA256
  
  ed6614d89aab8ca2af2ae241c1bf4a1906490e12a0e241693880fcf37f39de39
- SHA512
  
  8ddb67fb27db33f3830feea555f29786c08fcadf02b0c681be5bcaa4daf535f019298dc5b525d2e1bd0c4a0ec49e70f8794a136e1fd5a00853047c4bb003b69d
- SSDEEP
  
  49152:xHEFp5L62Q+YN9wgVma+CZZvGA4hPhh9hhDhMLhhBhhvBLeQ20+8TD9n/:xkFw9WaXyhh9hhDhMLhhBhhH2MT1/
Score

1^/10
behavioral6
- Target
  
  UP/AudioSes.dll
- Size
  
  1.3MB
- MD5
  
  5e0464fc5c7c166d7c2394e5b4688489
- SHA1
  
  60f81513ed2e3800c7bfd1373abccf1f9f5c12af
- SHA256
  
  9f3984a65e7f5f1ac96507f89dd121fcb51ceb3a728c8014fd82adcd65a7db11
- SHA512
  
  0eed33bf2de011405b1cc80dacc4a6b170af4d3ba1943c6c327ea676bb982ca415448665b24407102fd72ffe94479fbcca8c4ddec66ae9476b6c6d2734d484ed
- SSDEEP
  
  24576:Q1PeMkk1qO/VNy/NQBPkX4Hpjlb9BdS5vYs1:ePF5qO/VNOL4HpjEvYs1
Score

1^/10
behavioral7
- Target
  
  UP/AuthFWSnapin.dll
- Size
  
  4.9MB
- MD5
  
  694c570d62364bdaf6538a5e2914204c
- SHA1
  
  37aa736a9876004499a1f7992222854db7a4a34d
- SHA256
  
  fb7716231261bbf2267337d493dd8923c8f15ad53336bce179815bec596201e7
- SHA512
  
  e0d53a3e615cb9548fed74571cb634800638ac463a3b31e1e7508039f758ab6e56c829a26ff290c543925490ac94c8bc67462cf6e88d394a02fd5617fde2280a
- SSDEEP
  
  49152:Fbo8ZgAaoMG04Z9/m0L7bPZrmkvXyvAYj+FDZ6Xxt1ISSDaH1RPtEEAGwTP4p/g8:N/PXbxzvXjYaFDZMXUxzvXWYaqDZW
Score

1^/10
behavioral8 behavioral9
- Target
  
  UP/audiosrv.dll
- Size
  
  1.8MB
- MD5
  
  d28e03a3227e7424605119209ecba28d
- SHA1
  
  9582b6c407914a424cbe465318858b5ca32a081a
- SHA256
  
  2f0632ff0f28a4239c1c89aaa32e3c7f40833e7db0386addc8a6f56d05fec276
- SHA512
  
  eac078be9c91763ea62756cb568e18519f8f7fc8e643e3b95e3d87d017f5ec90ae5b6d928e2fed45d2ae331e410c9e9c6d74801fb2e1a4494dd2872118e8018c
- SSDEEP
  
  24576:i7muMfX6zq7Nu/imwEc4M7UjbceH1qi9HM3eUiGQyxuNRMoJhyy2KtFRd:92GpFEc4Mcl1rHweUihCuNRMoJGKtF
Score

1^/10
behavioral10
- Target
  
  UP/authfwcfg.dll
- Size
  
  514KB
- MD5
  
  5d74048b1de852583602e64a68b05cf3
- SHA1
  
  ceadb9280319deaab9224f62dea1e78167047a23
- SHA256
  
  c70bc8fd1f17b32a64c1ea2448dd3f45802f2fc59ec0d8cd52e5786330eaa2b4
- SHA512
  
  47048e1fe14c1d353ec1520692c1a841e0a182970339b4ced2a9da44b8bffa8af4b060b13663b0b4dadf050e4c52da1bdf56e781315acf8a7197ff3076c93d1d
- SSDEEP
  
  6144:9++muUfZE/Ur+CkGtBlEHHZkRhG+yb2KmYweNoGzt27:9bUfOCntnyeohb0Yphzt2
Score

1^/10
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11