lumma | cdf7704604f602522cabff38f75509469d80e53cd8f9a716d1c4faa02bd36851

Sharing

Copy URL

Twitter E-mail

General

Target

867537f1e2f91e74c68eaf029f21479b.bin
Size

33.0MB
Sample

241120-btzjysxlgs
MD5

837e19148a25fe7fd49f8b29bd7549cc
SHA1

3cca8d13420a315021cb0b411d2ddb04f92a1e81
SHA256

cdf7704604f602522cabff38f75509469d80e53cd8f9a716d1c4faa02bd36851
SHA512

ca88c31b5367563198105995073441fced5e76d36b2db9c599f4a01f6797696b5f24e473949109f0b63ca5f9d95d557322e2f3695b2ce4ff0f331a8ef56ac412
SSDEEP

393216:0MwYrasdfrfrcK9lLma+ZICF0EtLBXNUhSu7v/1gowwGUTrz2H9FWjvq1925S6UQ:0cdf7VqftVXabH1gJyv27Hg/UYyNTLg5

Score

10^/10

Malware Config

Extracted

Family

lumma

https://5ptit5tuded.cyou/api

Targets

- Target
  
  Qt5Core.dll
- Size
  
  6.0MB
- MD5
  
  65ca5d5efcb36677f934b96f40fed552
- SHA1
  
  34a433c41b11d809e3b3b59c2f4030d1e3d94782
- SHA256
  
  0aed0ae4b0631eb3ea9ad348b4e2f6276312192b8391a44209113668911596e0
- SHA512
  
  f28707f05d23b866e7e71173e82a7f0c799f4c3caadef4f8b9b9d9ec78466f98f93755d987f4de6c75551c7dcb47703cdc2cc718de156fbd52107d78c7888c49
- SSDEEP
  
  98304:UE5jJSnL0VxTOnyJJsv6tWKFdu9Cs/CzYnxqfDgw:UE5NSn0xrJJsv6tWKFdu9CMkexqfDF
Score

1^/10
behavioral1 behavioral2
- Target
  
  Qt5Network.dll
- Size
  
  1.3MB
- MD5
  
  c24c89879410889df656e3a961c59bcc
- SHA1
  
  25a9e4e545e86b0a5fe14ee0147746667892fabd
- SHA256
  
  739bedcfc8eb860927eb2057474be5b39518aaaa6703f9f85307a432fa1f236e
- SHA512
  
  0542c431049e4fd40619579062d206396bef2f6dadadbf9294619c918b9e6c96634dcd404b78c6045974295126ec35dd842c6ec8f42279d9598b57a751cd0034
- SSDEEP
  
  24576:HO51NG2bq1mhQpCR4SSUVxiKZiva+su3pUlSuMEFR+PoT0lqU:34hQoRpSUVYKZqvsu3pUlNMEePoT0E
Score

1^/10
behavioral3 behavioral4
- Target
  
  Setup.exe
- Size
  
  5.4MB
- MD5
  
  ad2735f096925010a53450cb4178c89e
- SHA1
  
  c6d65163c6315a642664f4eaec0fae9528549bfe
- SHA256
  
  4e775b5fafb4e6d89a4694f8694d2b8b540534bd4a52ff42f70095f1c929160e
- SHA512
  
  1868b22a7c5cba89545b06f010c09c5418b3d86039099d681eee9567c47208fdba3b89c6251cf03c964c58c805280d45ba9c3533125f6bd3e0bc067477e03ab9
- SSDEEP
  
  98304:o/zx+riUDpJowboU+XEsumY2XW6jBYeZ1ER:2x+riUDwUj12X1tY5
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  config.prx
- Size
  
  364KB
- MD5
  
  14934caca84d5fe0288f27efb31dcbf8
- SHA1
  
  98c8c659488a5782679112e0ffb089422a664ac5
- SHA256
  
  7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36
- SHA512
  
  9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a
- SSDEEP
  
  3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  libcrypto-1_1-x64.dll
- Size
  
  2.7MB
- MD5
  
  28dea3e780552eb5c53b3b9b1f556628
- SHA1
  
  55dccd5b30ce0363e8ebdfeb1cca38d1289748b8
- SHA256
  
  52415829d85c06df8724a3d3d00c98f12beabf5d6f3cbad919ec8000841a86e8
- SHA512
  
  19dfe5f71901e43ea34d257f693ae1a36433dbdbcd7c9440d9b0f9eea24de65c4a8fe332f7b88144e1a719a6ba791c2048b4dd3e5b1ed0fdd4c813603ad35112
- SSDEEP
  
  49152:KlOh5PuX2I9Rkf5gnQ7duzGuqFCtLQ2IqNPz38JQ41CPwDv3uFfJ:Q2Irkn2Iqt38C41CPwDv3uFfJ
Score

1^/10
behavioral10 behavioral9
- Target
  
  libssl-1_1-x64.dll
- Size
  
  669KB
- MD5
  
  4ad03043a32e9a1ef64115fc1ace5787
- SHA1
  
  352e0e3a628c8626cff7eed348221e889f6a25c4
- SHA256
  
  a0e43cbc4a2d8d39f225abd91980001b7b2b5001e8b2b8292537ae39b17b85d1
- SHA512
  
  edfae3660a5f19a9deda0375efba7261d211a74f1d8b6bf1a8440fed4619c4b747aca8301d221fd91230e7af1dab73123707cc6eda90e53eb8b6b80872689ba6
- SSDEEP
  
  12288:PcPPRr7K55yAAKDNkk1+cFc+CmRkS9/+wDe1rlXiE4D9u3AG3UQjA5WU2lvz:2N43+cFcmYhXixo7708U2lvz
Score

1^/10
behavioral11 behavioral12
- Target
  
  msvcp140.dll
- Size
  
  564KB
- MD5
  
  1ba6d1cf0508775096f9e121a24e5863
- SHA1
  
  df552810d779476610da3c8b956cc921ed6c91ae
- SHA256
  
  74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823
- SHA512
  
  9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af
- SSDEEP
  
  12288:RBSNvy11qsslnxU/1ceqHiNHlOp/2M+UHHZpDLO+r2VhQEKZm+jWodEEVAdm:RBSDOFQEKZm+jWodEE2dm
Score

1^/10
behavioral13 behavioral14
- Target
  
  msvcp140_1.dll
- Size
  
  34KB
- MD5
  
  69d96e09a54fbc5cf92a0e084ab33856
- SHA1
  
  b4629d51b5c4d8d78ccb3370b40a850f735b8949
- SHA256
  
  a3a1199de32bbbc8318ec33e2e1ce556247d012851e4b367fe853a51e74ce4ee
- SHA512
  
  2087827137c473cdbec87789361ed34fad88c9fe80ef86b54e72aea891d91af50b17b7a603f9ae2060b3089ce9966fad6d7fbe22dee980c07ed491a75503f2cf
- SSDEEP
  
  384:z1vZLMtUYqOoKFYpWcm5gW/ki0pSt+eB+Hj+R9zUkUTRtHRN7SoHR9zui5TJ:zpCtzqOjKYWi0QKHji9zSRtnx9zJTJ
Score

1^/10
behavioral15 behavioral16
- Target
  
  opengl64.dll
- Size
  
  17.7MB
- MD5
  
  0a84667145e7efef026c888d4b768126
- SHA1
  
  27673e1bd7c55bba6eaa37620d3b3820ce45d46a
- SHA256
  
  dd575f3c64382193610815909bd2c52490244ecbbb9bba6eef5fe4f0bb43bb4d
- SHA512
  
  3e964c996ed358787c4dfdb965a00b38b4118c804ae1bf8d32aeb7d936584e72c188e3fa0d27d1c2ffd3be13dca8045b08b28b15070812c195d82d1bf23a2604
- SSDEEP
  
  393216:PXhbUNnoBP98OQ//aXUszfTBHCOUZ2UenCDkOH2:PXhNB4nlW
Score

1^/10
behavioral17 behavioral18
- Target
  
  steam_api64.dll
- Size
  
  291KB
- MD5
  
  6b4ab6e60364c55f18a56a39021b74a6
- SHA1
  
  39cac2889d8ca497ee0d8434fc9f6966f18fa336
- SHA256
  
  1db3fd414039d3e5815a5721925dd2e0a3a9f2549603c6cab7c49b84966a1af3
- SHA512
  
  c08de8c6e331d13dfe868ab340e41552fc49123a9f782a5a63b95795d5d979e68b5a6ab171153978679c0791dc3e3809c883471a05864041ce60b240ccdd4c21
- SSDEEP
  
  3072:504VEQ2u/niy9UVLCe9ZqdrP+VXvv+sJYB2RHKBi65lhTbCc+hnvvEyP7yq+uei1:QZu/i874ZcrMv2cRh7yqO2CPLHxYq8/B
Score

1^/10
behavioral19 behavioral20
- Target
  
  updater/NvStWiz.prx
- Size
  
  432KB
- MD5
  
  9e82e3b658393bed3f7e4f090df1fbe7
- SHA1
  
  bfff954b8ef192c01af9fb5d9141a21279cb9c31
- SHA256
  
  c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762
- SHA512
  
  de6a1e62d4e33f807d9c04f355a762717eedbcf540e747a97ba824871d4a1f144f4929141df333711d42af01e441dbbcecbb25a6a4f8ec073a024d94197b776b
- SSDEEP
  
  6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  vcruntime140.dll
- Size
  
  106KB
- MD5
  
  49c96cecda5c6c660a107d378fdfc3d4
- SHA1
  
  00149b7a66723e3f0310f139489fe172f818ca8e
- SHA256
  
  69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc
- SHA512
  
  e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d
- SSDEEP
  
  1536:BcghDMWyjXZZIzpdbJhKm6Kuzu8fsecbq8uOFQr+zMtY+zA:BVHyQNdbJAKuzRsecbq8uOFvyU
Score

1^/10
behavioral23 behavioral24
- Target
  
  vcruntime140_1.dll
- Size
  
  48KB
- MD5
  
  cf0a1c4776ffe23ada5e570fc36e39fe
- SHA1
  
  2050fadecc11550ad9bde0b542bcf87e19d37f1a
- SHA256
  
  6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47
- SHA512
  
  d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168
- SSDEEP
  
  768:a0Q4HUcGJZekJSam1BbuBSYcCZbiLzlSHji9z4GwZHji9znwT:afnDex5izbiLzlE+z4Gwl+zwT
Score

1^/10
behavioral25 behavioral26
- Target
  
  x64/Register.dll
- Size
  
  1.0MB
- MD5
  
  40b9628354ef4e6ef3c87934575545f4
- SHA1
  
  8fb5da182dea64c842953bf72fc573a74adaa155
- SHA256
  
  372b14fce2eb35b264f6d4aeef7987da56d951d3a09ef866cf55ed72763caa12
- SHA512
  
  02b0ea82efbfbe2e7308f86bfbec7a5109f3fe91d42731812d2e46aebedce50aabc565d2da9d3fbcd0f46febbff49c534419d1a91e0c14d5a80f06b74888c641
- SSDEEP
  
  24576:k0Rdvjw14ZCWQuTs54Qbz27j7BS2Nv+4BT8+u60:BDZ2zAj7pXT3i
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  x64/glioma.asp
- Size
  
  1.4MB
- MD5
  
  99083617f7139ee9ad5d6b719286ac3a
- SHA1
  
  78af90e2bf04d41a9839526b00630d439fecafe0
- SHA256
  
  7cddf32de8b02b3ecf42c50ded8593770c5ab96d76247155f28d1d3cc87a541f
- SHA512
  
  a54ef634f43190fcf83eb1967b55e3e90a310c48ed0c8350de86a92be623f5502ab335e7a70cdfa8f126b3570b164781cfb625679741e6224976726655bf35ab
- SSDEEP
  
  24576:qlHJgwSq7bfCao4XM7+jjA29WG6sCc5dk3U/sR6G38DoouqJlGzqBAR2M:qlHJi+bfu4sAjZWG6sCc/kR5MEZqFBAP
Score

3^/10
behavioral29 behavioral30
- Target
  
  x64/libvlc.dll
- Size
  
  172KB
- MD5
  
  96214b94b796bffc48d63289854ae5a2
- SHA1
  
  383bde4b3a861d47794aa4f03479a48c10a644dd
- SHA256
  
  528c416cfb4813ee5f1da52743ef4adb20043171230098b27e25d1dd90e3f288
- SHA512
  
  5243dd7153793ae33c3a25f2a92579c4e31813545680de9a0abab36e61d42655db4796a6f47606b47d6dce0d3f47754fd29fbfd18b973b029df0c543915750f3
- SSDEEP
  
  3072:mZ6EqHx7iXIb/WmRJKn9llPMBq4tNyupwPU0sG0:mZ6E+x7iYiiMn9llP8q4tNyuusc0
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32