lumma | 1ce5ca122a8a01ea292b347950b5c8d8cb0cea29f8a9fb9e0d0e249462acebbe | Triage

Sharing

General

Target

1732126153.61061_wild things.bin
Size

8.1MB
Sample

241120-wspcta1fjp
MD5

0d192a52df0ca9da48e517684e5ad781
SHA1

557a94480b6fc3fe1c711ab4ff9e1909c3f73e31
SHA256

1ce5ca122a8a01ea292b347950b5c8d8cb0cea29f8a9fb9e0d0e249462acebbe
SHA512

266d0348029f28e75fc83c16487e674fda426f86c174ad79f4a6cb2bae1e9c89c9fa8f9629c010e98df9d77b0af4f71e202b333b45961836f389205fc22ae8e5
SSDEEP

196608:LDkvAN8JGCFSWFLf6P2Pbeq+ybHFjhtWYRuL2Pdd+IjN2:YuCFSkSP2P/+y7FjOEuL2Pdd+

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://gentlewave.shop/api

Targets

- Target
  
  1732126153.61061_wild things.bin
- Size
  
  8.1MB
- MD5
  
  0d192a52df0ca9da48e517684e5ad781
- SHA1
  
  557a94480b6fc3fe1c711ab4ff9e1909c3f73e31
- SHA256
  
  1ce5ca122a8a01ea292b347950b5c8d8cb0cea29f8a9fb9e0d0e249462acebbe
- SHA512
  
  266d0348029f28e75fc83c16487e674fda426f86c174ad79f4a6cb2bae1e9c89c9fa8f9629c010e98df9d77b0af4f71e202b333b45961836f389205fc22ae8e5
- SSDEEP
  
  196608:LDkvAN8JGCFSWFLf6P2Pbeq+ybHFjhtWYRuL2Pdd+IjN2:YuCFSkSP2P/+y7FjOEuL2Pdd+
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer

behavioral3