lumma | 337878fbbbf37304642477ba26b75b1bfb6a39949463c2ba718f41430ac1b5ee | Triage

Sharing

General

Target

oLjfePjg.txt
Size

40.7MB
Sample

241127-rgs5eawphs
MD5

88a5f6c22e2fb3a57f186338c207fb13
SHA1

0e80bef96bc198797cf05521192e492fb068a3bc
SHA256

337878fbbbf37304642477ba26b75b1bfb6a39949463c2ba718f41430ac1b5ee
SHA512

c060b99e30a8cb2755471040e32a517f78f0369cb57d794010e2ca66064446800bb272f0db1fdd8af7ce0c7269d95dd4fdb4b27df2d1a179c0ffc199765a1147
SSDEEP

49152:rqQWkpJekS1LZHDWNsLBvvY5r6sosgmFoPdCNDSFHjYljUQoy/7VK7n09YTidHiO:P

Score

10^/10

lumma discovery execution persistence stealer

Malware Config

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://motionless-temper.cyou

Extracted

Family

lumma

C2

https://motionless-temper.cyou/api

Targets

- Target
  
  oLjfePjg.txt
- Size
  
  40.7MB
- MD5
  
  88a5f6c22e2fb3a57f186338c207fb13
- SHA1
  
  0e80bef96bc198797cf05521192e492fb068a3bc
- SHA256
  
  337878fbbbf37304642477ba26b75b1bfb6a39949463c2ba718f41430ac1b5ee
- SHA512
  
  c060b99e30a8cb2755471040e32a517f78f0369cb57d794010e2ca66064446800bb272f0db1fdd8af7ce0c7269d95dd4fdb4b27df2d1a179c0ffc199765a1147
- SSDEEP
  
  49152:rqQWkpJekS1LZHDWNsLBvvY5r6sosgmFoPdCNDSFHjYljUQoy/7VK7n09YTidHiO:P
Score

10^/10

execution lumma discovery persistence stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lummadiscoveryexecutionpersistencestealer