lumma | 2e49a28f4a1d94d6d7cfd31e54bde4bebf4abb48d048f69fe241ec1502b40943

General

Target

Larsson.exe
Size

351KB
Sample

240914-ffm18axdlj
MD5

09be66bbb52f8af439e8745d8f872cb6
SHA1

64038d25166fafdc9386fb5e88a4097b481c8204
SHA256

2e49a28f4a1d94d6d7cfd31e54bde4bebf4abb48d048f69fe241ec1502b40943
SHA512

aab694646234c08606387d5210de241bc5bb7c4ae0fafbb776de696464f19ff9b80f159f5329b2c5dcb4b2a6f3352c9a67dc56fdf2333962ecd82ae6bf16301f
SSDEEP

6144:9wcDxEzhXVwYx8I6V+MHzA6mlyoyK0LSvKXMVPMa+Y5hhw:9wXzhFwYd6C6mlyBK0LcK8V0axn

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://turkeyunlikelyofw.shop/api

https://wisemassiveharmonious.shop/api

https://colorfulequalugliess.shop/api

https://relevantvoicelesskw.shop/api

https://detectordiscusser.shop/api

https://associationokeo.shop/api

Targets

- Target
  
  Larsson.exe
- Size
  
  351KB
- MD5
  
  09be66bbb52f8af439e8745d8f872cb6
- SHA1
  
  64038d25166fafdc9386fb5e88a4097b481c8204
- SHA256
  
  2e49a28f4a1d94d6d7cfd31e54bde4bebf4abb48d048f69fe241ec1502b40943
- SHA512
  
  aab694646234c08606387d5210de241bc5bb7c4ae0fafbb776de696464f19ff9b80f159f5329b2c5dcb4b2a6f3352c9a67dc56fdf2333962ecd82ae6bf16301f
- SSDEEP
  
  6144:9wcDxEzhXVwYx8I6V+MHzA6mlyoyK0LSvKXMVPMa+Y5hhw:9wXzhFwYd6C6mlyBK0LcK8V0axn
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2