lumma | 2a875c4f05a84aa5fa139d23e0b51b7cd2047c06a35d051ebd0891bd11f3a721 | Triage

Sharing

General

Target

MediPeel.exe
Size

10.7MB
Sample

240914-qdqdnsvfrr
MD5

ebb28d3da6ea29cec25910328415f994
SHA1

a178aaa66b50fb03e3db39902b31400b7088f2b1
SHA256

2a875c4f05a84aa5fa139d23e0b51b7cd2047c06a35d051ebd0891bd11f3a721
SHA512

a6073636b21f19e69a7f0e9b1ef201867fbad9a14f10f1d2c8b63cc3b2f6fdf3b3954be1955b37c8034ff52e048fe489f27553aaf28401bc93a317753f02c09a
SSDEEP

196608:Q4xFLbxtbJBdZaK31/aGdJXOLBZIy+fjfKCGqlQGDM427lZCcxxi6VTDqQ7poZQ:QeVbxH93Fa0JXDysQR57lZnxxi+TOQ7z

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://refrencireoi.shop/api

https://complainnykso.shop/api

https://basedsymsotp.shop/api

https://charistmatwio.shop/api

https://grassemenwji.shop/api

https://stitchmiscpaew.shop/api

https://commisionipwn.shop/api

Targets

- Target
  
  MediPeel.exe
- Size
  
  10.7MB
- MD5
  
  ebb28d3da6ea29cec25910328415f994
- SHA1
  
  a178aaa66b50fb03e3db39902b31400b7088f2b1
- SHA256
  
  2a875c4f05a84aa5fa139d23e0b51b7cd2047c06a35d051ebd0891bd11f3a721
- SHA512
  
  a6073636b21f19e69a7f0e9b1ef201867fbad9a14f10f1d2c8b63cc3b2f6fdf3b3954be1955b37c8034ff52e048fe489f27553aaf28401bc93a317753f02c09a
- SSDEEP
  
  196608:Q4xFLbxtbJBdZaK31/aGdJXOLBZIy+fjfKCGqlQGDM427lZCcxxi6VTDqQ7poZQ:QeVbxH93Fa0JXDysQR57lZnxxi+TOQ7z
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer