lumma | f659219bbbb50593d0cd629ccf48faca878b444162b14863854480a7c9289266

Sharing

Copy URL

Twitter E-mail

General

Target

f659219bbbb50593d0cd629ccf48faca878b444162b14863854480a7c9289266.exe
Size

46.2MB
Sample

241007-cl9kmazanr
MD5

9e1f57731569a5ccbd7526f3ae1c4b50
SHA1

1c7915b594ea634885c57c2281a8ce77483f1961
SHA256

f659219bbbb50593d0cd629ccf48faca878b444162b14863854480a7c9289266
SHA512

b0368552bd8e7b971210edfa6bba06891c6a41f5c2c61b2a9109dd120df5e0f865ec32ea363fc170473540b7f836ce5ce74f9b11a6f705d2b384e96107411e26
SSDEEP

786432:FT8dGiVeQ4LJ3fj4cV7WP4S8o1cZKMjWHZh0Rhp5MRd41Vlbr2BGkKq+qTOFUiRW:F1OeQQFf7V6XnqbcIHMRihr2Mkp+qiFu

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://gailsacademy.com/fza/f1a.zip

exe.dropper

https://gailsacademy.com/fza/f4a.zip

exe.dropper

https://gailsacademy.com/fza/f3a.zip

exe.dropper

https://gailsacademy.com/fza/f2a.zip

exe.dropper

https://gailsacademy.com/fzf/

Extracted

Family

lumma

Targets

- Target
  
  f659219bbbb50593d0cd629ccf48faca878b444162b14863854480a7c9289266.exe
- Size
  
  46.2MB
- MD5
  
  9e1f57731569a5ccbd7526f3ae1c4b50
- SHA1
  
  1c7915b594ea634885c57c2281a8ce77483f1961
- SHA256
  
  f659219bbbb50593d0cd629ccf48faca878b444162b14863854480a7c9289266
- SHA512
  
  b0368552bd8e7b971210edfa6bba06891c6a41f5c2c61b2a9109dd120df5e0f865ec32ea363fc170473540b7f836ce5ce74f9b11a6f705d2b384e96107411e26
- SSDEEP
  
  786432:FT8dGiVeQ4LJ3fj4cV7WP4S8o1cZKMjWHZh0Rhp5MRd41Vlbr2BGkKq+qTOFUiRW:F1OeQQFf7V6XnqbcIHMRihr2Mkp+qiFu
Score

10^/10

lumma discovery execution stealer netsupport persistence rat
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  install.exe
- Size
  
  136KB
- MD5
  
  5ecd826babbebdd959456c471dec6465
- SHA1
  
  f94a596b742c0653ff7201469f133108f17b46e9
- SHA256
  
  b2be43c010bc0d268a42a11296829e088d7eef81cc39bfcdc0b9f0e9a65717ea
- SHA512
  
  30563a15786f245e4a7ff1b8996f302dbf4b1d4950098d6899815b5065d3058b290a81b6564c19c85cfcd425c08c9f6bac5bc31ba95773978f9a9c5cde123d38
- SSDEEP
  
  1536:JZ2FWSNhd/4131iP08SKKAP7wBwp8wZtE:r2ddQ131ispKJP7w2p
Score

10^/10

lumma discovery execution stealer netsupport persistence rat
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  jre/Welcome.html
- Size
  
  983B
- MD5
  
  3cb773cb396842a7a43ad4868a23abe5
- SHA1
  
  ace737f039535c817d867281190ca12f8b4d4b75
- SHA256
  
  f450aee7e8fe14512d5a4b445aa5973e202f9ed1e122a8843e4dc2d4421015f0
- SHA512
  
  6058103b7446b61613071c639581f51718c12a9e7b6abd3cf3047a3093c2e54b2d9674faf9443570a3bb141f839e03067301ff35422eb9097bd08020e0dd08a4
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  jre/asm-all.jar
- Size
  
  241KB
- MD5
  
  f5ad16c7f0338b541978b0430d51dc83
- SHA1
  
  2ea49e08b876bbd33e0a7ce75c8f371d29e1f10a
- SHA256
  
  7fbffbc1db3422e2101689fd88df8384b15817b52b9b2b267b9f6d2511dc198d
- SHA512
  
  82e6749f4a6956f5b8dd5a5596ca170a1b7ff4e551714b56a293e6b8c7b092cbec2bec9dc0d9503404deb8f175cbb1ded2e856c6bc829411c8ed311c1861336a
- SSDEEP
  
  6144:p+30cnH7ihlQT+uRm0C/vL7cvRurEQ9oTo4/1pC:p+3VnYo+WkvsJuApo4/1k
Score

1^/10
behavioral7 behavioral8
- Target
  
  jre/bin/JAWTAccessBridge-32.dll
- Size
  
  14KB
- MD5
  
  d63933f4e279a140cc2a941ccff38348
- SHA1
  
  75169be2e9bcfe20674d72d43ca6e2bc4a5a9382
- SHA256
  
  532d049e0d7a265754902c23b0f150d665a78a3d6fe09ad51c9be8c29d574a3d
- SHA512
  
  d7a5023a5eb9b0c3b2ad6f55696a166f07fa60f9d1a12d186b23aaaacc92ef948cb5dffa013afc90c4bbe3de077d591185902384f677d0bae2ff7cfd5db5e06c
- SSDEEP
  
  192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  jre/bin/JAWTAccessBridge.dll
- Size
  
  14KB
- MD5
  
  b4eb9b43c293074406adca93681bf663
- SHA1
  
  16580fb7139d06a740f30d34770598391b70ac96
- SHA256
  
  8cd69af7171f24d57cf1e6d0d7acd2b35b4ea5fdf55105771141876a67917c52
- SHA512
  
  a4e999e162b5083b6c6c3eafee4d84d1ec1c61dca6425f849f352ffdccc2e44dfee0625c210a8026f9ff141409eebf9ef15a779b26f59b88e74b6a2ce2e82ef9
- SSDEEP
  
  192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  jre/bin/JavaAccessBridge-32.dll
- Size
  
  125KB
- MD5
  
  2f808ed0642bd5cf8d4111e0af098bbb
- SHA1
  
  006163a07052f3d227c2e541691691b4567f5550
- SHA256
  
  61dfb6126eba8d5429f156eaab24ff30312580b0abe4009670f1dd0bc64f87bb
- SHA512
  
  27dbda3a922747a031ff7434de5a596725ff5ae2bc6dd83d6d5565eb2ba180b0516896323294459997b545c60c9e06da6c2d8dd462a348a6759a404db0f023a7
- SSDEEP
  
  3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  jre/bin/JavaAccessBridge.dll
- Size
  
  124KB
- MD5
  
  c3ded5f41e28faf89338fb46382e4c3e
- SHA1
  
  6f77920776d39550355b146d672c199a3941f908
- SHA256
  
  4691603dfabe6d7b7beac887dadc0e96243c2ff4f9a88ce3793e93356c53aa08
- SHA512
  
  23621f2856899f40cfa9858dc277372bfe39f0205377543eb23e94422d479a53fdf664f4a9a4515c2285811f01d91ab64a834a03a4d3ab0cb7d78f8af11135ff
- SSDEEP
  
  3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  jre/bin/WindowsAccessBridge-32.dll
- Size
  
  95KB
- MD5
  
  f78d2bf2c551be9df6a2f3210a2964c1
- SHA1
  
  b6a4160eca4c0d0552234ff69bcfdf45f0a2a352
- SHA256
  
  9d18e5421a8606985fa54d7cea921d1b8930358a2e4cdf5fdf2a8b3e4d857288
- SHA512
  
  aac8622683be57518f8b03198a03bf1f760e082692c1fb6252e96cdba19d3ceb0a6786ccbd7b98830e865297308fa99dbbea464e41041abdda18aeb862ba993f
- SSDEEP
  
  1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  jre/bin/WindowsAccessBridge.dll
- Size
  
  93KB
- MD5
  
  e5a6231fe1e6fec5f547dfd845d209bc
- SHA1
  
  3f21f90ecc377b6099637d5b59593d2415450d45
- SHA256
  
  51355ea8a7dc238483c8069361776103779ce9fe3cd0267770e321e6e4368366
- SHA512
  
  d5d20df0089f3217b627d39abd57c61e026d0dc537022fb698f85fa6893c7fa348c40295deec78506f0ef608827d39e2f6f3538818ba25e2a0ee1145fcc95940
- SSDEEP
  
  1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  jre/bin/awt.dll
- Size
  
  1.1MB
- MD5
  
  159ccf1200c422ced5407fed35f7e37d
- SHA1
  
  177a216b71c9902e254c0a9908fcb46e8d5801a9
- SHA256
  
  30eb581c99c8bcbc54012aa5e6084b6ef4fcee5d9968e9cc51f5734449e1ff49
- SHA512
  
  ab3f4e3851313391b5b8055e4d526963c38c4403fa74fb70750cc6a2d5108e63a0e600978fa14a7201c48e1afd718a1c6823d091c90d77b17562b7a4c8c40365
- SSDEEP
  
  24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  jre/bin/bci.dll
- Size
  
  15KB
- MD5
  
  a46289384f76c2a41ba7251459849288
- SHA1
  
  4d8ef96edbe07c8722fa24e4a5b96ebfa18be2c4
- SHA256
  
  728d64bc1fbf48d4968b1b93893f1b5db88b052ab82202c6840bf7886a64017d
- SHA512
  
  34d62beb1fa7d8630f5562c1e48839ce9429faea980561e58076df5f19755761454eeb882790ec1035c64c654fc1a8cd5eb46eca12e2bc81449acbb73296c9e8
- SSDEEP
  
  384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  jre/bin/client/jvm.dll
- Size
  
  3.7MB
- MD5
  
  39c302fe0781e5af6d007e55f509606a
- SHA1
  
  23690a52e8c6578de6a7980bb78aae69d0f31780
- SHA256
  
  b1fbdbb1e4c692b34d3b9f28f8188fc6105b05d311c266d59aa5e5ec531966bc
- SHA512
  
  67f91a75e16c02ca245233b820df985bd8290a2a50480dff4b2fd2695e3cf0b4534eb1bf0d357d0b14f15ce8bd13c82d2748b5edd9cc38dc9e713f5dc383ed77
- SSDEEP
  
  98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  jre/bin/dcpr.dll
- Size
  
  139KB
- MD5
  
  4bdc32ef5da731393acc1b8c052f1989
- SHA1
  
  a677c04ecd13f074de68cc41f13948d3b86b6c19
- SHA256
  
  a3b35cc8c2e6d22b5832af74aaf4d1bb35069edd73073dffec2595230ca81772
- SHA512
  
  e71ea78d45e6c6bd08b2c5cd31f003f911fd4c82316363d26945d17977c2939f65e3b9748447006f95c3c6653ce30d2cda67322d246d43c9eb892a8e83deb31a
- SSDEEP
  
  3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  jre/bin/decora_sse.dll
- Size
  
  62KB
- MD5
  
  b04abe76c4147de1d726962f86473cf2
- SHA1
  
  3104bada746678b0a88e5e4a77904d78a71d1ab8
- SHA256
  
  07ff22e96dcfd89226e5b85cc07c34318dd32cda23b7ea0474e09338654bfeb3
- SHA512
  
  2e4e2feb63b6d7388770d8132a880422abf6a01941bff12cad74db4a641bda2dcc8bf58f6dae90e41cc250b79e7956ddf126943e0f6200272f3376a9a19505f1
- SSDEEP
  
  1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  jre/bin/deploy.dll
- Size
  
  442KB
- MD5
  
  5edaeffc60b5f1147068e4a296f6d7fb
- SHA1
  
  7d36698c62386449a5fa2607886f4adf7fb3deef
- SHA256
  
  87847204933551f69f1cba7a73b63a252d12ef106c22ed9c561ef188dffcbae8
- SHA512
  
  a691ef121d3ac17569e27bb6de4688d3506895b1a1a8740e1f16e80eefce70ba18b9c1efd6fd6794fafc59ba2caf137b4007fcdc65ddb8bcbfcf42c97b13535b
- SSDEEP
  
  6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

NetSupport

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Lumma Stealer, LummaC

NetSupport

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32