lumma | 1425478a96cf67a4805323afa3987ea4e7424dad16e7c3c32d03da96fa049919 | Triage

Sharing

General

Target

Setup.exe
Size

70.0MB
Sample

241124-wxn8lssldy
MD5

d3ded6f6292b7b3b538776a0ca8f33b2
SHA1

de88a415456610f30bf171880d6c5cbbb3ca3240
SHA256

1425478a96cf67a4805323afa3987ea4e7424dad16e7c3c32d03da96fa049919
SHA512

bb3ebb0e8c694501f49bcf2c4feaa86bac1dd1570e227e8abe74538f969eb45d93ccfb9529b99d4eeb47c2ef25548bac6756662ca639c1c42295a60204309764
SSDEEP

24576:ATLKgMF5jTObaIvsD7sBM8I7oRCL7piz5nWXVW:Tv5rIf1RRGwn4Q

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://spicywind.shop/api

Targets

- Target
  
  Setup.exe
- Size
  
  70.0MB
- MD5
  
  d3ded6f6292b7b3b538776a0ca8f33b2
- SHA1
  
  de88a415456610f30bf171880d6c5cbbb3ca3240
- SHA256
  
  1425478a96cf67a4805323afa3987ea4e7424dad16e7c3c32d03da96fa049919
- SHA512
  
  bb3ebb0e8c694501f49bcf2c4feaa86bac1dd1570e227e8abe74538f969eb45d93ccfb9529b99d4eeb47c2ef25548bac6756662ca639c1c42295a60204309764
- SSDEEP
  
  24576:ATLKgMF5jTObaIvsD7sBM8I7oRCL7piz5nWXVW:Tv5rIf1RRGwn4Q
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2