lumma | 9cae15eb24885aae94012eba1f8cdfb39a08615f876897d8d056771e368b8a96

General

Target

9cae15eb24885aae94012eba1f8cdfb39a08615f876897d8d056771e368b8a96
Size

685KB
Sample

241126-x9dhbawkev
MD5

a19287453762b8bed2b6a7ce68c413ca
SHA1

3a2c2e5281803e16b7395aa02c2feede585acbf8
SHA256

9cae15eb24885aae94012eba1f8cdfb39a08615f876897d8d056771e368b8a96
SHA512

d7475ec1451da72793eaa1a7a12c2d3f4a30e2c5904ac834e03c91666cfc7fb7d74a2701e148dcab124b6b52e0fd652af4c36241da95219a227459518b9f7a9c
SSDEEP

12288:OhYrnw0OYSSa6Hruex0S5AT6OYRbyA8Vd0lHx3vLrF5t8mpA+2L6osAtR5MkIzGB:OZEaWx0OOMnlHx395txpL2e

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://fumblingactor.cyou

Extracted

Family

lumma

C2

https://blade-govern.sbs/api

https://story-tense-faz.sbs/api

https://disobey-curly.sbs/api

https://motion-treesz.sbs/api

https://powerful-avoids.sbs/api

Targets

- Target
  
  9cae15eb24885aae94012eba1f8cdfb39a08615f876897d8d056771e368b8a96
- Size
  
  685KB
- MD5
  
  a19287453762b8bed2b6a7ce68c413ca
- SHA1
  
  3a2c2e5281803e16b7395aa02c2feede585acbf8
- SHA256
  
  9cae15eb24885aae94012eba1f8cdfb39a08615f876897d8d056771e368b8a96
- SHA512
  
  d7475ec1451da72793eaa1a7a12c2d3f4a30e2c5904ac834e03c91666cfc7fb7d74a2701e148dcab124b6b52e0fd652af4c36241da95219a227459518b9f7a9c
- SSDEEP
  
  12288:OhYrnw0OYSSa6Hruex0S5AT6OYRbyA8Vd0lHx3vLrF5t8mpA+2L6osAtR5MkIzGB:OZEaWx0OOMnlHx395txpL2e
Score

10^/10

discovery lumma stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Lumma Stealer, LummaC

Lumma family

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2