lumma | 03323fbc61c33a90232828c9dd3183cc25c4a7529188f476e1728e6ee8168a35 | Triage

Sharing

General

Target

03323fbc61c33a90232828c9dd3183cc25c4a7529188f476e1728e6ee8168a35.exe
Size

574KB
Sample

241122-hnkbeasjgn
MD5

cb2102ed163924edc3e6ea38ba9e9005
SHA1

3d9e017c7c02ba3a77811f4895c85f6d8e5f45e1
SHA256

03323fbc61c33a90232828c9dd3183cc25c4a7529188f476e1728e6ee8168a35
SHA512

0385883f3d83da070bfbb0522b2a31d50d81eee7ae516de9b49888e4fdba8bbe54bcf9e08d2da312166ddf1e09db35e9badc8dee97340f5c969f961d746a89ca
SSDEEP

12288:SRgyqSwAN2kLkjnP13tGIGef4cDDKeCxeAn3tCk9Rj71Mlr71:ig2N2kLkTd3AIGFcDtSVvCr71

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://fumblingactor.cyou/api

Targets

- Target
  
  03323fbc61c33a90232828c9dd3183cc25c4a7529188f476e1728e6ee8168a35.exe
- Size
  
  574KB
- MD5
  
  cb2102ed163924edc3e6ea38ba9e9005
- SHA1
  
  3d9e017c7c02ba3a77811f4895c85f6d8e5f45e1
- SHA256
  
  03323fbc61c33a90232828c9dd3183cc25c4a7529188f476e1728e6ee8168a35
- SHA512
  
  0385883f3d83da070bfbb0522b2a31d50d81eee7ae516de9b49888e4fdba8bbe54bcf9e08d2da312166ddf1e09db35e9badc8dee97340f5c969f961d746a89ca
- SSDEEP
  
  12288:SRgyqSwAN2kLkjnP13tGIGef4cDDKeCxeAn3tCk9Rj71Mlr71:ig2N2kLkTd3AIGFcDtSVvCr71
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

lummadiscoverystealer