lumma | 6d11d8339ed8917190ba15dfbdf12c46d0a9d90b4b680edf54a8c65585e76e74 | Triage

Submit
Reports

Overview

overview

Static

static

3

Zorara.zip

windows7-x64

1

Zorara.zip

windows10-2004-x64

Resubmissions

26-11-2024 19:09

241126-xtsx3a1nfj 10

26-11-2024 19:08

241126-xs64asvmcw 7

Sharing

General

Target

Zorara.zip
Size

498KB
Sample

241126-xtsx3a1nfj
MD5

935eca784190b019bddfcbd9977c9416
SHA1

7dc1869d79a110f7394afe4b93c06b586185139d
SHA256

6d11d8339ed8917190ba15dfbdf12c46d0a9d90b4b680edf54a8c65585e76e74
SHA512

624f2b2348a4ab37855cd238b244d99f9dfdf4cfd7c8bfb2e55ad72aeee161db1d8a9e961e6e31f6be5f52a0f9c0562f49e484dc9763540c7c45ea819a9cdae3
SSDEEP

12288:UmCAJEZ64ZZnv7zOCcf+X/N4mUiRvyPqBmKUU+zSy:Uc4ZZvOPBi5/BmKUBWy

Score

10^/10

lumma discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Zorara.zip

Resource

win7-20240729-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Zorara.zip

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://blade-govern.sbs/api

https://story-tense-faz.sbs/api

https://disobey-curly.sbs/api

https://motion-treesz.sbs/api

https://powerful-avoids.sbs/api

Targets

- Target
  
  Zorara.zip
- Size
  
  498KB
- MD5
  
  935eca784190b019bddfcbd9977c9416
- SHA1
  
  7dc1869d79a110f7394afe4b93c06b586185139d
- SHA256
  
  6d11d8339ed8917190ba15dfbdf12c46d0a9d90b4b680edf54a8c65585e76e74
- SHA512
  
  624f2b2348a4ab37855cd238b244d99f9dfdf4cfd7c8bfb2e55ad72aeee161db1d8a9e961e6e31f6be5f52a0f9c0562f49e484dc9763540c7c45ea819a9cdae3
- SSDEEP
  
  12288:UmCAJEZ64ZZnv7zOCcf+X/N4mUiRvyPqBmKUU+zSy:Uc4ZZvOPBi5/BmKUBWy
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoverystealer

© 2018-2024

Terms | Privacy