lumma | 6203ae1dce0e03377385abdc8a619ddf454fbc061bdc4a4bacfeac2ecea86e37 | Triage

Resubmissions

28/11/2024, 02:10

241128-clsxwawrbl 10

28/11/2024, 02:07

241128-ckherazrcx 10

Sharing

General

Target

Aura.zip
Size

55.8MB
Sample

241128-ckherazrcx
MD5

3518ae8d8d61f914db1e3d0f904375b0
SHA1

df8e9f75d546cc5e88701409f5d1c4a67c501204
SHA256

6203ae1dce0e03377385abdc8a619ddf454fbc061bdc4a4bacfeac2ecea86e37
SHA512

7d0f3852323b9f5550338b67bf4afabd6b1d4aa33e5ff3bcbfe0b1794f02913e66754e9c98ba1fc485030483197b686e0278518ed8e3c1950bc8513d3073752a
SSDEEP

1572864:EvzGKA9qxzzvPH3ZN0pLN8jWnj9PdBURyfIYARg+oKk:ErNWMn5epLjxVBPIxnk

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://preside-comforter.sbs

https://savvy-steereo.sbs

https://copper-replace.sbs

https://record-envyp.sbs

https://slam-whipp.sbs

https://wrench-creter.sbs

https://looky-marked.sbs

https://plastic-mitten.sbs

https://hallowed-noisy.sbs

Extracted

Family

lumma

C2

https://hallowed-noisy.sbs/api

https://plastic-mitten.sbs/api

https://looky-marked.sbs/api

https://wrench-creter.sbs/api

https://slam-whipp.sbs/api

https://record-envyp.sbs/api

https://copper-replace.sbs/api

https://savvy-steereo.sbs/api

https://preside-comforter.sbs/api

Targets

- Target
  
  Aura.zip
- Size
  
  55.8MB
- MD5
  
  3518ae8d8d61f914db1e3d0f904375b0
- SHA1
  
  df8e9f75d546cc5e88701409f5d1c4a67c501204
- SHA256
  
  6203ae1dce0e03377385abdc8a619ddf454fbc061bdc4a4bacfeac2ecea86e37
- SHA512
  
  7d0f3852323b9f5550338b67bf4afabd6b1d4aa33e5ff3bcbfe0b1794f02913e66754e9c98ba1fc485030483197b686e0278518ed8e3c1950bc8513d3073752a
- SSDEEP
  
  1572864:EvzGKA9qxzzvPH3ZN0pLN8jWnj9PdBURyfIYARg+oKk:ErNWMn5epLjxVBPIxnk
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

behavioral2