lumma | a8115a371e1fcf56172bd0f9ab18df7dfce1547c0f3e236987b120ae3a2fb7e9 | Triage

Sharing

General

Target

a8115a371e1fcf56172bd0f9ab18df7dfce1547c0f3e236987b120ae3a2fb7e9
Size

3.7MB
Sample

240909-jxzm5a1cnf
MD5

2b70c7a9049a7a2b476d5059f3ccc7b7
SHA1

6e98320646820ddcb10db7169711d1a0988b9bb9
SHA256

a8115a371e1fcf56172bd0f9ab18df7dfce1547c0f3e236987b120ae3a2fb7e9
SHA512

88d14070318465d5b7b6c427aa11a8d16f141e3a248b641077769a7e347d65f8c6a2cd21702018d6e25688420eb957ebd54787b5193a212debf0e025b173ed10
SSDEEP

98304:owkCIwFg8RPMieXZkrQqwRUHkeFTUlFfuCtqmm9KoMmD:kwnMJpkMKHkeFTAFHImm9KoMmD

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://provisionfusni.shop/api

https://tenntysjuxmz.shop/api

Targets

- Target
  
  28d8b2f2db8bb284b210e8c0b9c8e74925aae88ae0d5f63aeeadba36a7073a34.exe
- Size
  
  11.6MB
- MD5
  
  4417a5d2296f6c37335027a565122745
- SHA1
  
  ef96963a00203753581cbd376254f7f23e51a954
- SHA256
  
  28d8b2f2db8bb284b210e8c0b9c8e74925aae88ae0d5f63aeeadba36a7073a34
- SHA512
  
  2299dc6f6e99fb03dfe8dc30e6208467826336041893d4ffdb71fece0fc037eae2d6300de735661e85b10b3af8aa5b0088db8043c641b84ec4b18699b2c10868
- SSDEEP
  
  49152:t83a+X9M+qpnF/CxiyOMfGJXaxgb6BIsj8BsQxA8qeZJhJLxVtZNDhzRL3VSPGjo:ya+Xy6xiBJU8GQxtqYJzx/LMRsN/i/tF
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer