lumma | 0b7ff4e3e09fb5b7c6ecd2148b7576b0e2d157d68c4c770b881176c84e4193e0 | Triage

Sharing

General

Target

3xLnch3r.exe
Size

58.4MB
Sample

241120-nv94asxajl
MD5

e7974241b68c6eb9aeff129cdca850aa
SHA1

68953589d7bb0c854e69ef0fcbfc73b5dcbfc38d
SHA256

0b7ff4e3e09fb5b7c6ecd2148b7576b0e2d157d68c4c770b881176c84e4193e0
SHA512

cbb0c0475f593e446f8a192e42dd6e786fbf6027e2e4a8151dbbff4908453c3601d9e38b59bc1c583f5c3b702486ae8db55beeac17fb59b21a24da8dbef29b51
SSDEEP

196608:aB3P97yszk7aaDnp9xLjK6KONQW0sDYC55RDaXkGbiKAe:UP97HkOQxXpNQwz2

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://windpull.cyou/api

Targets

- Target
  
  3xLnch3r.exe
- Size
  
  58.4MB
- MD5
  
  e7974241b68c6eb9aeff129cdca850aa
- SHA1
  
  68953589d7bb0c854e69ef0fcbfc73b5dcbfc38d
- SHA256
  
  0b7ff4e3e09fb5b7c6ecd2148b7576b0e2d157d68c4c770b881176c84e4193e0
- SHA512
  
  cbb0c0475f593e446f8a192e42dd6e786fbf6027e2e4a8151dbbff4908453c3601d9e38b59bc1c583f5c3b702486ae8db55beeac17fb59b21a24da8dbef29b51
- SSDEEP
  
  196608:aB3P97yszk7aaDnp9xLjK6KONQW0sDYC55RDaXkGbiKAe:UP97HkOQxXpNQwz2
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2