lumma | 3e0ef73f78582edea973aad80eb4668058d73596d30250a28831b927854eab24

Sharing

Copy URL

Twitter E-mail

General

Target

NewCompressedzippedFolder.zip
Size

24.9MB
Sample

241009-v1q1yazekq
MD5

fc8a4ddc69297c284b7e0fe150398d9a
SHA1

20fc57cacf697858002b61b63f0d42c21169762a
SHA256

3e0ef73f78582edea973aad80eb4668058d73596d30250a28831b927854eab24
SHA512

5715002d4d69d80b45fc588c76349fe57c41a82adfcfbbe9d46734ce0db2a0b1211eb869925cdbd6f25948815e5cb80ad27d6c46d2746640b39956b56bc44fb9
SSDEEP

786432:CxZ0h9U7XP3ikk931oIYfadBPGzSLEmtvyXKtiP9:CxsU7ykkfoMPqSHKlP9

Score

10^/10

Malware Config

Extracted

Family

lumma

https://reinforcenh.shop/api

https://stogeneratmns.shop/api

https://fragnantbui.shop/api

https://drawzhotdog.shop/api

https://vozmeatillu.shop/api

https://offensivedzvju.shop/api

https://ghostreedmnu.shop/api

https://gutterydhowi.shop/api

https://mysteryedjw.site

Targets

- Target
  
  touchthegirl/QtCore4.dll
- Size
  
  2.5MB
- MD5
  
  fecc62a37d37d9759e6b02041728aa23
- SHA1
  
  0c5f646caef7a6e9073d58ed698f6cfbfb2883a3
- SHA256
  
  94c1395153d7758900979351e633ab68d22ae9b306ef8e253b712a1aab54c805
- SHA512
  
  698f90f1248dacbd4bdc49045a4e80972783d9dcec120d187abd08f5ef03224b511f7870320938b7e8be049c243ffb1c450c847429434ef2e2c09288cb9286a6
- SSDEEP
  
  49152:VTFgiFpGXOENKSgjGkJsv6tWKFdu9C6TELyvL/6mShMZtmjNUVrciV5P+7QVg07/:V+iDaWjxJsv6tWKFdu9CZgfQ
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  touchthegirl/QtGui4.dll
- Size
  
  8.2MB
- MD5
  
  831ba3a8c9d9916bdf82e07a3e8338cc
- SHA1
  
  6c89fd258937427d14d5042736fdfccd0049f042
- SHA256
  
  d2c8c8b6cc783e4c00a5ef3365457d776dfc1205a346b676915e39d434f5a52d
- SHA512
  
  beda57851e0e3781ece1d0ee53a3f86c52ba99cb045943227b6c8fc1848a452269f2768bf4c661e27ddfbe436df82cfd1de54706d814f81797a13fefec4602c5
- SSDEEP
  
  98304:YxRJATZlLne1/cF6ZWHxD1HFH+J+70msIWeiLtRgi3d4PJpTcSqxyr:YxiZBG2xpljTcJy
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  touchthegirl/QtNetwork4.dll
- Size
  
  1.0MB
- MD5
  
  8a2e025fd3ddd56c8e4f63416e46e2ec
- SHA1
  
  5f58feb11e84aa41d5548f5a30fc758221e9dd64
- SHA256
  
  52ae07d1d6a467283055a3512d655b6a43a42767024e57279784701206d97003
- SHA512
  
  8e3a449163e775dc000e9674bca81ffabc7fecd9278da5a40659620cfc9cc07f50cc29341e74176fe10717b2a12ea3d5148d1ffc906bc809b1cd5c8c59de7ba1
- SSDEEP
  
  12288:m+PpRNPe4+DZFvnwJ9o+Hllp59K03AskvvukLosiLHrv7F0YmIYunuGS:m+hRCZhwY+Hllp59OHvfo7HrCYmItnC
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  touchthegirl/QtWebKit4.dll
- Size
  
  12.5MB
- MD5
  
  76664726d920e1a39453d056e160a01f
- SHA1
  
  75df808e2245617f60130f78deda08524a3d1215
- SHA256
  
  08285703b53def06e95bddf0dcf73a5fcdf266ec42a5623734c16aa6ec747c47
- SHA512
  
  f976ad479e53d0d5ecbdd5ce568baa923485c11a4a0817f1c7499ef1790fda4be8907d6dcc47eac0d10276f775f772916c0d58073483ddba1e776ed07fe1d3ea
- SSDEEP
  
  98304:ifyKJXPSGJ9opKMT/HSWmgskU9Kbrh0oHCXRm6fah5dEDlxnZTZQFlNNN7wIcQ0U:iKmcpZ3sE/+oHCX82++JxnmtcQ0
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  touchthegirl/Setup.exe
- Size
  
  80KB
- MD5
  
  2a8613b7d99903516b8fe02fd820bf52
- SHA1
  
  78a96addcb556ab1d490fac80f929305263d06b9
- SHA256
  
  f1d68c5e7c7660d4f2ce412c109b7fe3e088872fa0ebe61ca9ab9dd92a496407
- SHA512
  
  af0902aeb6169ea507b787da7b61c3533df4610c3f51c1d8f65dfc9008c8ce2580f2d86a49a4d0acc2c51c731f3e4c447d0d1d8e779dc1c75e43d30b79c46436
- SSDEEP
  
  1536:9A8oAY5SXfidLez+Q+EGfdUHLLXJ+CqoVpPBucQwk7qnKXKo5OMY8xk03ben8TK:M7Ohz+Q+EGlUHLLXJ+CqoTPBucQwktXS
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  touchthegirl/ccme_ecc.dll
- Size
  
  548KB
- MD5
  
  19f2641706952f221d5f1066d064db4d
- SHA1
  
  84bf37c1bd5cb3f35cd2aa934cd9c17cb2690282
- SHA256
  
  cd87094bdb78dbff8a593bef3952495414b2256eb75ac2d466da276d17e8bd9f
- SHA512
  
  155a8d9fe2fe238cbc341cb0f088b5be0b58bc2f0ab70eae488972c0e8cd0e16ae3afef64ab96e0c63f14ac53b2ab167f906e2b94bec7ba87b494121edf5ed67
- SSDEEP
  
  6144:Ra3lDLZaFal9tiA1GzrTJdln27EEvdABkVJAOlRs5DIcxkjSuo64hTQ0IL0QpC7K:RUlD9aFal94PDlGuBk3Js5DIqjv
Score

1^/10
behavioral11 behavioral12
- Target
  
  touchthegirl/icucnv67.dll
- Size
  
  15KB
- MD5
  
  c89f7b63c258a2d8b68a4bdaf5bbb2d4
- SHA1
  
  b1181f70adef2cfc1b884aa4a895984843ca326c
- SHA256
  
  ee7e175ca56e43932878a617e3a1ac3c005e33ad6964277fea811417ca10d2f2
- SHA512
  
  39ca6c5ad801795bbaafe1c85719afdd7ced663ac2fb6530130797a40cd4ed7047d33292c5b41601408488cb5ed4926f9e0744d158a44b128bf517e0562d6e47
- SSDEEP
  
  192:+0NMi7v56dIYiYF8rVs9+qARHk/2WJfsHR9y2sE9jBFL2UzZ9O:+06iuIYiI9yHk/24i/8E9VFL2Ut9
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral13 behavioral14
- Target
  
  touchthegirl/icudt67.dll
- Size
  
  15KB
- MD5
  
  d73b8ebe06c05cddad49297f668b481e
- SHA1
  
  44b139944043d4c4c5a33e1782cd8256f3fa70aa
- SHA256
  
  6bb13375779535aa693f51038540381efba654676b1471a10b61c5ad616fb81e
- SHA512
  
  8dfe75a0219fa67803da33adea82f6e08fd568c938adad3174f9248f060306e4725852282538691a22fff29a9cd50af66c9d884c94f15c9ed392b9f3048844d6
- SSDEEP
  
  192:NFNMi7v56OIYiYF8rVs9+qARrk3WJfsHR9y2sE9jBFL2UzZQp:NF6idIYiI9yrk34i/8E9VFL2UtQ
Score

6^/10

persistence privilege_escalation
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral15 behavioral16
- Target
  
  touchthegirl/msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  touchthegirl/msvcr100.dll
- Size
  
  752KB
- MD5
  
  67ec459e42d3081dd8fd34356f7cafc1
- SHA1
  
  1738050616169d5b17b5adac3ff0370b8c642734
- SHA256
  
  1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067
- SHA512
  
  9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33
- SSDEEP
  
  12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  touchthegirl/vcomp140.dll
- Size
  
  176KB
- MD5
  
  884c6f8718fd95c25e16a4789ae3bf7a
- SHA1
  
  33f7e6846498871927d21bed11cc4ef41804112a
- SHA256
  
  f8d8aca399a0f7e40b2993584404b31f13bf18ea657a5feb85b37b15a249a275
- SHA512
  
  48384af2f6359ca3ee6996fc34df8c357164097f0c0c5cb30f5bd080baa6af3b4bcada17fb94933a99955f97c4ac0e554ca2373a5638e29db84e8318165c7b0c
- SSDEEP
  
  3072:+Pr3XpMvAiR3LQpxELm3uFX1TfgZhPlUDJR9ZURc/5:+znSvAiO+m3uFFOj+O6/5
Score

1^/10
behavioral21 behavioral22
- Target
  
  touchthegirl/vcruntime140.dll
- Size
  
  94KB
- MD5
  
  11d9ac94e8cb17bd23dea89f8e757f18
- SHA1
  
  d4fb80a512486821ad320c4fd67abcae63005158
- SHA256
  
  e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
- SHA512
  
  aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
- SSDEEP
  
  1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
Score

1^/10
behavioral23 behavioral24
- Target
  
  touchthegirl/x86/ACE.dll
- Size
  
  1.1MB
- MD5
  
  d0ae82cdf9911bec3eddda128602af04
- SHA1
  
  58e167521f2b028d03aeb6c926d34c2c969fa9c6
- SHA256
  
  f9675304d13efaee32e6b4a3317b64231a59b684532a898d12b4e7ed88518afd
- SHA512
  
  c1520462a8e02ab09e2a101207e88cf6861b48c32b7c2523047251496479740a84987fb19aba4dc8610abe2c81e5f7dbc80c51b8667f4953e17dda583d27557d
- SSDEEP
  
  24576:tmGLzPLOXbuKR17zBXE+MXRHRg2yTEg863NzSxoopoo+F:v3jOyY7zB0+MXRHRg2iBrdzSqF
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  touchthegirl/x86/AGM.dll
- Size
  
  5.8MB
- MD5
  
  b39b8d45413692ff856e9ba907256c2f
- SHA1
  
  ab06b594a57b8bbe0f4c4ba80a12129953521667
- SHA256
  
  ee32f4cbba3a601d57064695a8ed5955e1b9af984110d34504b8d5ebb132c084
- SHA512
  
  1dcc8bbbc55ac27b0a0b96e28de73338b972e2998bc9c33439c32b721de811b2c9ecf6d7953dfbdfadcbcc0c64f56871d09ae953a449c516578e9e8b3e1df661
- SSDEEP
  
  98304:lUpuc5sPE5fMZywrovF+rMnV17FVgvhiWaOuBue5SlIN:cuMCEZ3wrovF+a5Z
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  touchthegirl/x86/AIDE.dll
- Size
  
  2.0MB
- MD5
  
  ad388ce4c2cc3aaff605994da782d57e
- SHA1
  
  f43c3f588c77a34e8b81b63247ac1d7657016050
- SHA256
  
  d3ba1adbfeef8f19e4aa570299c06d39a87dfc5fe3d85946270b722e44dacda7
- SHA512
  
  f8e8f0fc5d8e01f8afe1aac55d3a301fa0019c6e80099616abf5a41c09aeabd0294e4391ddac170c2cd5bcff0b9e9cb4b559a2eca50a273e398083542065e27b
- SSDEEP
  
  49152:h50rEANbHm4w0H5QZXjr/nZA9XANcZ4T5lQ:b0rEcbG4w0H5QZTrnZEmlu
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  touchthegirl/x86/Acrobat/Acrobat32OL.dll
- Size
  
  200KB
- MD5
  
  18e5a6296e02efb842fb3d11ca0c7c63
- SHA1
  
  1a774bc3ec960bf1d639b883ba34de0a101748a8
- SHA256
  
  629b4cef2c394c6a1fad37e5ac6f497b3bdac489270d54f4e98c5dfc925ea883
- SHA512
  
  66fe300a275d0dc403479668a3120e6eb9a84a28736e64b24afc37298e556589b40c191a83f5871b2ad1778e0a8a65f7a0878f29d409b2efb9d51531854c5198
- SSDEEP
  
  6144:tbL7Ohthut5BCRVS989WUY+7F4C9WOOS0mvpMJDJ2C7ejmj:xL7ObhG5BZUYiF4C9WOOS0m+JD
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32