lumma | 8bbceb5526f4c4cf26a60c0094e8ebbf7811cc54500bb86e07de84b64d5c223c | Triage

Submit
Reports

Overview

overview

Static

static

3

Install.exe

windows7-x64

Install.exe

windows10-2004-x64

Sharing

General

Target

Install.exe
Size

459KB
Sample

241126-wsqkwayqeq
MD5

ad38d43c1eca47ac35ac2139b87379ac
SHA1

86cbcc824c314d83a1e50c9a9c5e720a3a94944d
SHA256

8bbceb5526f4c4cf26a60c0094e8ebbf7811cc54500bb86e07de84b64d5c223c
SHA512

7fd4755a2111064a78fd2d9cefa67773bf7fb190e389aac5b460e9f4d82f0302524436989a86fc6b525208c81726a3830ad5ba447763152d5ca964c204c78e28
SSDEEP

12288:vV4fznmsrVQRW8D8XpjHCpJ+IYCNIqI2070iailr7v:vuyCFXpc+IYvqager7v

Score

10^/10

lumma defense_evasion discovery persistence phishing privilege_escalation stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Install.exe

Resource

win7-20240903-en

lumma defense_evasion discovery persistence phishing privilege_escalation stealer

windows7-x64

30 signatures

150 seconds

Behavioral task

behavioral2

Sample

Install.exe

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://property-imper.sbs

Extracted

Family

lumma

C2

https://blade-govern.sbs/api

https://story-tense-faz.sbs/api

https://disobey-curly.sbs/api

https://motion-treesz.sbs/api

https://powerful-avoids.sbs/api

Targets

- Target
  
  Install.exe
- Size
  
  459KB
- MD5
  
  ad38d43c1eca47ac35ac2139b87379ac
- SHA1
  
  86cbcc824c314d83a1e50c9a9c5e720a3a94944d
- SHA256
  
  8bbceb5526f4c4cf26a60c0094e8ebbf7811cc54500bb86e07de84b64d5c223c
- SHA512
  
  7fd4755a2111064a78fd2d9cefa67773bf7fb190e389aac5b460e9f4d82f0302524436989a86fc6b525208c81726a3830ad5ba447763152d5ca964c204c78e28
- SSDEEP
  
  12288:vV4fznmsrVQRW8D8XpjHCpJ+IYCNIqI2070iailr7v:vuyCFXpc+IYvqager7v
Score

10^/10

lumma defense_evasion discovery persistence phishing privilege_escalation stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadefense_evasiondiscoverypersistencephishingprivilege_escalationstealer

behavioral2

lummadiscoverystealer

© 2018-2024

Terms | Privacy