lumma | 001a8f9939e4f664c56ca5fa424e3a94875eb537077a6004f62bcaef7a3d33b9 | Triage

Submit
Reports

Overview

overview

Static

static

1

solara-github-v3

windows10-2004-x64

solara-github-v3

windows11-21h2-x64

4

Sharing

General

Target

solara-github-v3
Size

249KB
Sample

241126-sx6wwatlaq
MD5

daadf00c9fd279edae7aee4e9a794674
SHA1

e2cbda2edd5e73f9329758309bc727712c972554
SHA256

001a8f9939e4f664c56ca5fa424e3a94875eb537077a6004f62bcaef7a3d33b9
SHA512

ffe021091373d37312ffc5371540598651f1445914116b10f87f7d691320ff7a95c89ae0502d4f54aa446c80729900c6645557786f67d1ece68ada44b69c837a
SSDEEP

6144:n1s4+pOL/saqkPV9FemLtcsDSsmwL9gvZJT3CqbMrhryf65NRPaCieMjAkvCJv1a:1s4+pOL/saqkPV9FemLtcsDSsmwL9gvt

Score

10^/10

lumma discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

solara-github-v3

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

18 signatures

1800 seconds

Behavioral task

behavioral2

Sample

solara-github-v3

Resource

win11-20241007-en

windows11-21h2-x64

10 signatures

1800 seconds

Malware Config

Extracted

Family

lumma

C2

https://p3ar11fter.sbs

https://3xp3cts1aim.sbs

https://owner-vacat10n.sbs

https://peepburry828.sbs

https://p10tgrace.sbs

https://befall-sm0ker.sbs

https://librari-night.sbs

https://processhol.sbs

https://cook-rain.sbs

Extracted

Family

lumma

C2

https://cook-rain.sbs/api

Targets

- Target
  
  solara-github-v3
- Size
  
  249KB
- MD5
  
  daadf00c9fd279edae7aee4e9a794674
- SHA1
  
  e2cbda2edd5e73f9329758309bc727712c972554
- SHA256
  
  001a8f9939e4f664c56ca5fa424e3a94875eb537077a6004f62bcaef7a3d33b9
- SHA512
  
  ffe021091373d37312ffc5371540598651f1445914116b10f87f7d691320ff7a95c89ae0502d4f54aa446c80729900c6645557786f67d1ece68ada44b69c837a
- SSDEEP
  
  6144:n1s4+pOL/saqkPV9FemLtcsDSsmwL9gvZJT3CqbMrhryf65NRPaCieMjAkvCJv1a:1s4+pOL/saqkPV9FemLtcsDSsmwL9gvt
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2

© 2018-2024

Terms | Privacy