lumma | 2eae05e829f353c9a8d01683187eb759dbf73f90ccd435f03d46761b03247fbd | Triage

Sharing

General

Target

2eae05e829f353c9a8d01683187eb759dbf73f90ccd435f03d46761b03247fbd.msi
Size

54.5MB
Sample

241002-bgskwazann
MD5

2d6151dbbbb50c077564ef7ffc971a4e
SHA1

b67ec6dd683f5f8b12d52aa79aeee9a498380589
SHA256

2eae05e829f353c9a8d01683187eb759dbf73f90ccd435f03d46761b03247fbd
SHA512

22a30787cf820da489ed59b8f6401b1282b923a66f796211c2300f1864f4f10bee01d24133bfcb35975695f32273796cacdef03d726345c7a12cfb8ce6509979
SSDEEP

1572864:0p+Ty2SfWnHDk8FjVbfzPTq4h+RZYoFczfDiQPU8azMCAJ:h/0WnHDkkjBPTq4kYoFefTPU8awCm

Score

10^/10

lumma discovery execution persistence privilege_escalation stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://last-blink.com/2709.bs64

Extracted

Family

lumma

C2

https://gravvitywio.store/api

Targets

- Target
  
  2eae05e829f353c9a8d01683187eb759dbf73f90ccd435f03d46761b03247fbd.msi
- Size
  
  54.5MB
- MD5
  
  2d6151dbbbb50c077564ef7ffc971a4e
- SHA1
  
  b67ec6dd683f5f8b12d52aa79aeee9a498380589
- SHA256
  
  2eae05e829f353c9a8d01683187eb759dbf73f90ccd435f03d46761b03247fbd
- SHA512
  
  22a30787cf820da489ed59b8f6401b1282b923a66f796211c2300f1864f4f10bee01d24133bfcb35975695f32273796cacdef03d726345c7a12cfb8ce6509979
- SSDEEP
  
  1572864:0p+Ty2SfWnHDk8FjVbfzPTq4h+RZYoFczfDiQPU8azMCAJ:h/0WnHDkkjBPTq4kYoFefTPU8awCm
Score

10^/10

discovery persistence privilege_escalation lumma execution stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

lummadiscoveryexecutionpersistenceprivilege_escalationstealer