lumma | fd17c39f31d3ad3ce0c7d7f3ad03e85f0475e3e84e3e582dcac4864f8a2390c7 | Triage

Sharing

General

Target

[email protected]
Size

11.5MB
Sample

240908-jh493atgkq
MD5

e17763ef1ee58d850380d2a4d6817c53
SHA1

5d702dfd8c85a50f95d538c3afaa61395136a455
SHA256

fd17c39f31d3ad3ce0c7d7f3ad03e85f0475e3e84e3e582dcac4864f8a2390c7
SHA512

6ae17f89f46bb61b286319306c71d4bbf130f5e685fe8d0bc991fb9966e83199c81edda2695ab6be799643f1d1ac33e25871aae0d0331542073aca4a1a1ed084
SSDEEP

196608:DwKvTooU6zxaJNjb1H/RZKCSHuknYoEwGyFSD/4ATpD3N2w7261cA/fGuAhRkY4V:DzZErjb1H/ZSpz7GysDQsDd2w7j68f/d

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://condedqpwqm.shop/api

Targets

- Target
  
  ExxxxSet_up.exe
- Size
  
  749.4MB
- MD5
  
  fe069d8e3711f5c4ac4a0735a02fc303
- SHA1
  
  3352dcd0c6913f206dde60ea95afaff471895138
- SHA256
  
  dc5d859a301eec28319936a6b94d3eb439f7b62b890bcf177d25718a3b8418cc
- SHA512
  
  c0382e00c16c93e1e0c1a2a40937c84568cdb66f31e1735975546a3d1904d7b8ce12cb4d6c33ef07d993962daca6825a9446867305f308d29186729533289708
- SSDEEP
  
  196608:8lN3eZmCSq9xx0+tH8o7o3X0HXG6uq9+nkl0pIlKeRfMU/nV:sRExxrG3k2TqNvF
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer