lumma | 6b0bbd68dccfcbf2ba81793b581e0fbdd5bddc3bf15aa21567be5f0a204ed2d0 | Triage

Sharing

General

Target

MetaLab.zip
Size

3.6MB
Sample

241001-bma8satdmq
MD5

0df9f17d504ac9f9c6f7b945b1593304
SHA1

2d20f27176c6ce18d330a90a6f433798a065f5c6
SHA256

6b0bbd68dccfcbf2ba81793b581e0fbdd5bddc3bf15aa21567be5f0a204ed2d0
SHA512

baefc4297aa087669da7a1a3fd5785b52003c51628df3d4b89385501e0ad0d304a2b842c2a026ca3e1259bb20ba22ce13528132f08000e8342cfea59647ccc7b
SSDEEP

98304:+077yK4eWG8E5X+TtjdT0znhJjuvMSVMXvwgtA1:94o/9OwnhJyvMSmwgtI

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://admissionfaccen.shop/api

Targets

- Target
  
  MetaLab.zip
- Size
  
  3.6MB
- MD5
  
  0df9f17d504ac9f9c6f7b945b1593304
- SHA1
  
  2d20f27176c6ce18d330a90a6f433798a065f5c6
- SHA256
  
  6b0bbd68dccfcbf2ba81793b581e0fbdd5bddc3bf15aa21567be5f0a204ed2d0
- SHA512
  
  baefc4297aa087669da7a1a3fd5785b52003c51628df3d4b89385501e0ad0d304a2b842c2a026ca3e1259bb20ba22ce13528132f08000e8342cfea59647ccc7b
- SSDEEP
  
  98304:+077yK4eWG8E5X+TtjdT0znhJjuvMSVMXvwgtA1:94o/9OwnhJyvMSmwgtI
Score

1^/10
behavioral1 behavioral2
- Target
  
  MetaLab/Configs/config.dll
- Size
  
  740KB
- MD5
  
  f643e6ddd7afeed1c03ca69a8e71b66a
- SHA1
  
  a2c6655ead23c3c4dea9171c5aff4adfeb15ea47
- SHA256
  
  5733dc037491e1fbbd639131ee462afb69a8fe10680e72a240eed268878bdac4
- SHA512
  
  ad599fbeac0fdbd86ab6e2395c3d82a589e66bdfbef24870122580da4aaf534d610425da8cc82181b326b0fcb65972957c2e74430f6f950c1bc3cdc0da93671f
- SSDEEP
  
  12288:ab+Azqyc+GYIvPc/90guuCPzhDAQuoBmbW65dH580JAy0J7IRdwhS4O04htM1D5:ab5Wyc+GYmc0guuEtMQxmbW0dH580xY/
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  MetaLab/Configs/inject.dll
- Size
  
  25.7MB
- MD5
  
  cdbcfa0a8dc95ea6cadbec8420e926c3
- SHA1
  
  6942e543167524cec1e3d7496976935123a88f86
- SHA256
  
  2781a575ecce623ac3b78b58c768a06c9abf4acd107371c1b610aa4173fcab5e
- SHA512
  
  8bfccf7fafc014d02b31c9256d1670867b5cc5a65635376ba78dfe1e95bc08344e5367b3ebd70563fca361c8c6cfe4451497d026c294ab989ddb56e02111db0f
- SSDEEP
  
  24576:ab5Wyc+GYmc0guuEtMQxmbW0dH580xYIwzO0Zzp:ab8ysYm5ax580/wK0Zzp
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  MetaLab/Configs/main.dll
- Size
  
  740KB
- MD5
  
  f643e6ddd7afeed1c03ca69a8e71b66a
- SHA1
  
  a2c6655ead23c3c4dea9171c5aff4adfeb15ea47
- SHA256
  
  5733dc037491e1fbbd639131ee462afb69a8fe10680e72a240eed268878bdac4
- SHA512
  
  ad599fbeac0fdbd86ab6e2395c3d82a589e66bdfbef24870122580da4aaf534d610425da8cc82181b326b0fcb65972957c2e74430f6f950c1bc3cdc0da93671f
- SSDEEP
  
  12288:ab+Azqyc+GYIvPc/90guuCPzhDAQuoBmbW65dH580JAy0J7IRdwhS4O04htM1D5:ab5Wyc+GYmc0guuEtMQxmbW0dH580xY/
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  MetaLab/Configs/menu.dll
- Size
  
  15.7MB
- MD5
  
  ad221eeed9e868aec82828b00d58a9ae
- SHA1
  
  d6b210dcdbad81ac95b1972737cb15396979e507
- SHA256
  
  fbae29c161fb4d75eeda52aeb77273359f1b004b5230ee80d1d9cfbac641bff3
- SHA512
  
  4ab81621a2afe9ae693b402fd6592fe2d010d0287856bd67c8a021cbae35fc7d2b1bcf310bb0e5517dbc4f37ee19bc9c4cd408406c93bbeaced7bd9f56db4850
- SSDEEP
  
  24576:ab5Wyc+GYmc0guuEtMQxmbW0dH580xYIwzO0Zzp:ab8ysYm5ax580/wK0Zzp
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  MetaLab/Configs/up.dll
- Size
  
  740KB
- MD5
  
  f643e6ddd7afeed1c03ca69a8e71b66a
- SHA1
  
  a2c6655ead23c3c4dea9171c5aff4adfeb15ea47
- SHA256
  
  5733dc037491e1fbbd639131ee462afb69a8fe10680e72a240eed268878bdac4
- SHA512
  
  ad599fbeac0fdbd86ab6e2395c3d82a589e66bdfbef24870122580da4aaf534d610425da8cc82181b326b0fcb65972957c2e74430f6f950c1bc3cdc0da93671f
- SSDEEP
  
  12288:ab+Azqyc+GYIvPc/90guuCPzhDAQuoBmbW65dH580JAy0J7IRdwhS4O04htM1D5:ab5Wyc+GYmc0guuEtMQxmbW0dH580xY/
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  MetaLab/Configs/wh.dll
- Size
  
  10.7MB
- MD5
  
  198c66169ef3cf7c18fb40424712a514
- SHA1
  
  3fb45a587ed30859ed5a7d6cc2f1e54297028759
- SHA256
  
  2355af0206fa846ef86984034bd604b041dc582f4573453d49ec068d8d56f372
- SHA512
  
  5639636244d52f2e6e0a067c38597380403ebc7ebefd382d2fe861cbbfb296cdd85170641aec24cc98608f4f9e3c6913ebe73862b62f01a3cd80fca976d863c4
- SSDEEP
  
  24576:ab5Wyc+GYmc0guuEtMQxmbW0dH580xYIwzO0Zzp:ab8ysYm5ax580/wK0Zzp
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  MetaLab/Core.dll
- Size
  
  7.1MB
- MD5
  
  c93645a72a514ad37f2732ea03c6ba84
- SHA1
  
  981fb81925ce0f9eff224704d55e39fafcf120dd
- SHA256
  
  a6f09c70d420f984fbbe0533631dbfffeec4d12c34999b45f87d54cdf52e153e
- SHA512
  
  b6be18f77ca6dcfc801d519889ce4eecdeda8d314de6ab6df0f235e865a1620d120e9df796579cc60e5e2e5d651c503639e185babeb2f992fdad8248e2e4090d
- SSDEEP
  
  768:rkHceEMWH8T9j8kHceEMWH8T9j8kHceEMWH8T9jC:I8dZcT998dZcT998dZcT9C
Score

1^/10
behavioral15 behavioral16
- Target
  
  MetaLab/Data.dll
- Size
  
  24KB
- MD5
  
  686c625fbfad9db37a93a8ec5324b247
- SHA1
  
  7558d93cc345e135afc31122618c034c7cb7248a
- SHA256
  
  559ebc6a47f70380a9f8935d506d083e4867ccfad0370858089fdb79ff52cd22
- SHA512
  
  6baba5bef9019383ff77fe65627f70103aacb9954f1d68db6aec64a9ae0784b5fe31a9884f716b61fe8dd850739bdfa9f4bac8551226f124a581399e59f26a1b
- SSDEEP
  
  384:L/AAaFiTCmM82SuxDJQfWaFWsZTb2HRN7nR3I15DNR9zQ1Bt:DpaFiTCm0DJQFT/inWr9z8Bt
Score

1^/10
behavioral17 behavioral18
- Target
  
  MetaLab/Drawing.dll
- Size
  
  40KB
- MD5
  
  3914e5d98945a34651a6f4bf003136d8
- SHA1
  
  debaa7d57086ebe0c11df6ee520cd78a9109bfa0
- SHA256
  
  75cc3513dad447d94e278452a4c23582356cf127f2f290f915655742f4dd4f72
- SHA512
  
  0a72e64f022613386802b6110d3b38e0235867cfd657f4a691e7cc841ce9c467539be8d94ffb383637674980c795c2c65fbed301091eed31c6db364869592cc3
- SSDEEP
  
  768:Zz0jGGEMWk8TycxOMZz0jGGEMWk8TycxOMn:vlZNTyM3vlZNTyM3n
Score

1^/10
behavioral19 behavioral20
- Target
  
  MetaLab/Fonts/PTSANS-REGULAR.TTF
- Size
  
  271KB
- MD5
  
  4ea26cd5e7f64894d6c2451446f7dda5
- SHA1
  
  f76b45110f00329835a82c974387a6ce0c41d6a4
- SHA256
  
  419e240303f11800c2b0d24b19bd361831be1789142586aeca5bf078a1e7733e
- SHA512
  
  3f3b4e01154fc50c6df3e628a357a6f77864cf2c3a8cddb19bc450977ce1405a769763bfa14b0bf0c8fe827009b8e41769a1cb2c6cf4b9e150ed46c2ac8500f8
- SSDEEP
  
  6144:+c64rdazls6jEotSFfo9lsu5jNTNZPbZhfhS:+mrdg6kSFwAu5jF5S
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  MetaLab/Fonts/SFProDisplay-Medium.ttf
- Size
  
  423KB
- MD5
  
  c5a8e1f150a5b6d6d37e0f95220ed5f6
- SHA1
  
  9984b1542bd1f676d5416b7ba6bf670c56620296
- SHA256
  
  5d1423c958ca2ecfe2815bc663132b6e6c4680da56922e072940872f864e12a7
- SHA512
  
  9b6c8395848440163497242dcfa1131aa1b2057407a48852321ce856a637d1087a3dfc7c46c9e40f5c1b0f7c5f5171860d620db9fe685c17f06f06266a3f1fa5
- SSDEEP
  
  6144:AuAm/ocqr5GkSkOMjtAsiIxZQBuXRl3m82L/RkQ+CL17dv6H6wkSjvI7gNp+Cu+k:AGEQ5eT9mixFFA
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral23 behavioral24
- Target
  
  MetaLab/HowToUse.txt
- Size
  
  33B
- MD5
  
  f71081c36f4f75180ddff1428a608c38
- SHA1
  
  e8350455c4f182c571394d7aa4141d428a4356fd
- SHA256
  
  74875a00253a08e9c7af4ead770954317b2fdd05d56af2a1495cc55260950261
- SHA512
  
  c2717403ccd22d9bc7ea8a905ad82abcb82cd29ebe28354febb67ecaaa959ef66c9c7e411b848e3bbadc5bdafefa9ec2a820051f6192ba8d518d8c83b1f000ff
Score

1^/10
behavioral25 behavioral26
- Target
  
  MetaLab/MetaLab.exe
- Size
  
  5.4MB
- MD5
  
  8b0c98a6fcc3ed6a56d86a129c2b12f4
- SHA1
  
  1c8ffc12daf521c21c8cde172df5f7685e5b17d9
- SHA256
  
  b0e239df43f6033bc786f5ff49c30d126c19c2a151d207e147024d3cc5a0c098
- SHA512
  
  5ef9595c1bd4f6cbe6fc0b7039583a30457cf615a3c24d3f7e9e9ea65a57404da278f1ad8003e1e189443a4c72f1300a548f92af7417a270d097d8478af1a316
- SSDEEP
  
  6144:6hyjHjZ5AdTMM2Wyjb48JugzIucxyIDH/juuwHGuaGM6Ty+mg5JED6VNKtPeUToV:64jVqxmff9X6H/jZwmlGMS1cD6jIePvt
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Suspicious use of SetThreadContext
behavioral27 behavioral28
- Target
  
  MetaLab/Themes/Insomnia.json
- Size
  
  5KB
- MD5
  
  13ca13758fab652f89ed4867520d88c8
- SHA1
  
  3d5263a7a4ee40a6d581de0d73b81ff9dc35bf9e
- SHA256
  
  4196e53858d0a10ec9cf9adbc8ffaf8be4690c02c1a3d0b228c3732e803410ec
- SHA512
  
  d0268b59d8abe9ad21aee73b3cdc8dbe0690041669297a23b60c88d4c7b1782a189c80f490b2c297c54394e635a28800a75f654aeb2c42db3aa4ce139ba0d1a1
- SSDEEP
  
  48:HNIwsW9kwny3UT5f533WRw7iB7AmYBWwd2WnWtf5Wj3WCWlWwWGRPfWqWNWKge3e:n0C00p2WThzhoWhoBhehjhEhNhMhBhW
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  MetaLab/msvcp140.dll
- Size
  
  519KB
- MD5
  
  a8a551040a3089bf3f892249c30b61e3
- SHA1
  
  4ed7645c4fbcfd832a65248d27dd3d3887cf3131
- SHA256
  
  7799789a1b7ecbc68725dcce3514890da2e81e7f9f82f0916c814c84675c1157
- SHA512
  
  84861c83ef12c6ef2ffe918b43f98473180fd20b8babb0eef95a1ab3a4cbe4bcd38385a7acedf5da55fd95a4d75886fefe43162fa3311b041b95bbd1cf9cc02d
- SSDEEP
  
  12288:cpCZN12WDScvn0ACKxqpqrD+OHyplXUgU0YD4tnRtK7XAs8g4nDqqmfdFAN0+Liu:qvhuZiKJjIp
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

lummadiscoverystealer

behavioral28

lummadiscoverystealer

behavioral29

behavioral30

behavioral31

behavioral32