lumma | d3bb6c8c38ef8403b20b866dcd3f871ebec160111e462866ca233183425bd00f | Triage

Sharing

General

Target

@#%$#$%%$rD__916464--0peɴ_Set-U!@#ᴘ$%$#$.zip
Size

26.4MB
Sample

241127-xbvzpsvngy
MD5

bd6fb00cd9c674a288bec16683fc5599
SHA1

a27fce7fedfd9478a43decc4d85c04e5ce908ff6
SHA256

d3bb6c8c38ef8403b20b866dcd3f871ebec160111e462866ca233183425bd00f
SHA512

3d399cae26834b3a4dac285210237b4bdc70f37466e1b10219fb0507499da96658f8b49162aaf21375be43da41295662f70f71205f69b7c23c688948cebe76b4
SSDEEP

393216:yE6in6/7hkohNOK+uUYomR7R7WITFzmXwOfCpBpSTkrgxiuLkvcLLCUrqxVH95LC:y5fJNlMgR7ZTtmgOfCpBpSh7q9Z0IqP

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://mountain-peak.shop/api

Targets

- Target
  
  @#%$#$%%$rD__916464--0peɴ_Set-U!@#ᴘ$%$#$.zip
- Size
  
  26.4MB
- MD5
  
  bd6fb00cd9c674a288bec16683fc5599
- SHA1
  
  a27fce7fedfd9478a43decc4d85c04e5ce908ff6
- SHA256
  
  d3bb6c8c38ef8403b20b866dcd3f871ebec160111e462866ca233183425bd00f
- SHA512
  
  3d399cae26834b3a4dac285210237b4bdc70f37466e1b10219fb0507499da96658f8b49162aaf21375be43da41295662f70f71205f69b7c23c688948cebe76b4
- SSDEEP
  
  393216:yE6in6/7hkohNOK+uUYomR7R7WITFzmXwOfCpBpSTkrgxiuLkvcLLCUrqxVH95LC:y5fJNlMgR7ZTtmgOfCpBpSh7q9Z0IqP
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1
- Target
  
  @#%$#$%%$rD__916464--0peɴ_Set-U!@#ᴘ.zip
- Size
  
  26.4MB
- MD5
  
  8268622b0f4df68c67db1bcd05509a0d
- SHA1
  
  40a1e362b03e36c2f9e96ff14b1c7ee6cf25fdba
- SHA256
  
  198dbb3e51c3031d94edd0c3fe2b522c4375b021ec070685fee28f9adee50b69
- SHA512
  
  607bf53e0266c106a6a5e82f1fb05c386b2f5823e8d6d8645d7ccd167ee19f6a89687b51271b4cc13b2a9d1c7bc9d17aa91bde95492a51649e14ced927b91d46
- SSDEEP
  
  393216:gUEQRAT9XQ0lPsE+OueaUJt5r2ab3zm/YOdmtb/8T4VoFqYf6BqBFMWDYdHPLTXJ:gxJjPFUQ5rpbDmAOdmtb/8RpGLbE+wU
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2